We’ve blogged before about the potential dangers that can lurk behind shortened URLs. Because shortened URLs are commonly shared among friends on social networking sites, users often don’t think twice about clicking on them despite the fact that they don’t know where they are being directed. Hackers and spammers have taken advantage of this trust by using shortened URLs to spread their wares to unsuspecting victims.
But that is about to change. Today, bit.ly – the leading URL shortening service – took a major step forward in preventing malware, spam and phishing through its shortened links by announcing that they will use Websense ThreatSeeker Cloud to analyze and categorize the Web sites and content behind millions of shortened bit.ly URLS created daily.
Bit.ly will use the Websense security-as-a-service platform to scan both new and existing bit.ly links in real time as users click on them. Websense will conduct full content analysis for the IP sources, Web sites and Web content behind the bit.ly links, including categorization and reputation analysis of the URL, property type, lexical and search reputation, history, age, geography, neighboring properties and more. If the user attempts to click on a link leading to malicious code, spam or a known phishing site, bit.ly will display an alert describing the threat potential and give the user the option to safely navigate away.
The use of bit.ly continues to increase exponentially. In October, the company shortened more than two billion links, helping to enable communication on the Web through services like Twitter and Facebook and in email and instant messaging. Within the next month, bit.ly plans to begin processing millions of shortened links daily through the Web API of the Websense ThreatSeeker Cloud, with the potential to process more in the future.
Click here to read analysis and opinion on the topic from Rich Mogull, analyst and founder of the information security research firm Securosis.