ePrism team discovers malicious exploit embedded in popular URL shorteners

Mar 13, 2017

URL shorteners may be susceptible to this new exploit when they allow the long URL to be changed after the shortened URL is created. The malicious parties fabricate an email that appears to be a legitimate marketing email and includes the shortened URL, which lets it pass any in-transit virus scanning and potentially other spam-checking tools.
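The gap described above is a time-of-check/time-of-use problem: the destination scanned in transit may not be the destination served at click time. The following sketch is an added example, not EdgeWave's code; it re-resolves a short link when it is clicked and flags a changed landing host. The function names, the `.example` URLs and the injected `resolve` lookup (standing in for a real HTTP redirect fetch) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MAX_HOPS = 5  # assumed cap on redirect chain length


def final_destination(url, resolve, max_hops=MAX_HOPS):
    """Follow redirects using resolve(url) -> next URL or None; return the last URL."""
    seen = set()
    for _ in range(max_hops + 1):
        if url in seen:
            raise ValueError("redirect loop at " + url)
        seen.add(url)
        nxt = resolve(url)
        if nxt is None:          # no further redirect: this is the landing page
            return url
        url = nxt
    raise ValueError("too many redirects")


def destination_changed(scanned_dest, short_url, resolve):
    """True if the short URL now lands on a different host than the one scanned in transit.

    Hosts are compared rather than full URLs so that tracking parameters do not
    trigger the check (an assumption of this sketch). Unresolvable chains fail closed.
    """
    try:
        current = final_destination(short_url, resolve)
    except ValueError:
        return True
    return urlsplit(current).hostname != urlsplit(scanned_dest).hostname


# Constructed sample data: the same short link at two points in time.
SHORT = "https://short.example/abc"
AT_DELIVERY = {SHORT: "https://shop.example/sale"}        # state when the mail was scanned
AT_CLICK = {SHORT: "https://other.example/landing"}       # long URL edited afterwards
LOOPING = {SHORT: "https://short.example/x", "https://short.example/x": SHORT}

if __name__ == "__main__":
    scanned = final_destination(SHORT, AT_DELIVERY.get)
    print("unchanged link flagged:", destination_changed(scanned, SHORT, AT_DELIVERY.get))
    print("edited link flagged:   ", destination_changed(scanned, SHORT, AT_CLICK.get))
    print("looping link flagged:  ", destination_changed(scanned, SHORT, LOOPING.get))
```

A mail gateway would store the scanned destination alongside the message and run this comparison from its click-time URL rewriting proxy, using a real redirect-following fetch in place of the dictionary lookup.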

“Several days ago, we detected this new exploit while performing our real-time, human analysis on spam campaigns,” said Blake Tullysmith, Principal Engineer at EdgeWave. “With over 100 million URLs being shortened per day, this new exploit can potentially impact billions of users across email and social media campaigns.”

