
Security Threats of URL Shortening: A User's Perspective: Journal of Advances in Computer Networks September 2015

The article discusses the security threats associated with URL shortening, highlighting issues such as malware, phishing, and spam. It aims to assess user confidence and awareness regarding short URLs through a survey conducted among European Union participants. The findings indicate a general awareness of security risks but a lack of comprehensive studies on user experiences with shortened URLs.


Security Threats of URL Shortening: A User’s Perspective

Article in Journal of Advances in Computer Networks · September 2015


DOI: 10.7763/JACN.2015.V3.169


2 authors: Nhien-An Le-Khac (University College Dublin) and Tahar Kechadi (University College Dublin)

All content following this page was uploaded by Nhien-An Le-Khac on 21 January 2016.



Journal of Advances in Computer Networks, Vol. 3, No. 3, September 2015

Security Threats of URL Shortening: A User’s Perspective


Nhien-An Le-Khac and M. Tahar Kechadi

Manuscript received May 5, 2015; revised August 5, 2015. The authors are with the School of Computer Science & Informatics, University College Dublin, Belfield, Dublin 4, Ireland (e-mail: [email protected], [email protected]).

Abstract—Short URLs have been used on the Internet for several years now and as time goes by new security threats are discovered in relation to their use (e.g. malware, phishing, spam). However, although current research in literature has compiled addressing the security threats when utilizing such types of URLs, no study approached the assessment of user confidence and user awareness regarding short URLs. Thus the aim of this paper is to cover the existing knowledge gap and to compile a baseline assessment on the frequency of use, user confidence and user awareness when utilizing short URLs. To do so, we have developed a questionnaire connected to the previously mentioned aspects and which was applied to one hundred persons of various nationalities from within the European Union with various user experiences when it comes to the Internet and short URLs. The analysis of the replies received from the participants to the survey has revealed a general awareness that there are security risks associated with short URLs, a tendency of propagation of short URLs to other Internet services and platforms.

Index Terms—Security, threats, URL shortening, user perspective.

I. INTRODUCTION

In a society where the Internet is used more and more in our daily lives, there is a need for the information to be delivered faster and without restraints. Information on the Internet is usually included in web pages, multimedia platforms, blogs, social networking sites that are all accessible via specific Uniform Resource Locator (URL). Currently some social networking sites as well as other websites pose certain limits as to the number of characters which a URL can include. Therefore, the need appeared for a service which would shorten a URL and deliver it to the user. The shortened URL would be just an alternative to the initial URL so that the user can access the same information without the restraint of the number of characters.

According to Wikipedia [1], "URL shortening is a technique on the World Wide Web in which a URL may be made substantially shorter in length and still direct to the required page. This is achieved by using an HTTP Redirect on a domain name that is short, which links to the web page that has a long URL. This is especially convenient for messaging technologies such as Twitter and Identi.ca that severely limit the number of characters that may be used in a message. Short URLs allow otherwise long web addresses to be referred to in a tweet". Another definition of the term short URL can also be found in [2]: “URL shortening services are used to replace a long “Internet Address” (URL) by a shorter one which usually does not exceed 30 characters. When users request the shortened URL, they are automatically redirected to the original URL.”

Although the primary aim of URL shortening is to avoid the character limit set up by certain web services and platforms, there are other uses for URL shortening such as to "beautify" a link, to track clicks or to disguise the underlying address. However, with this Internet service introduced, there appeared also ways to abuse it such as malware attacks (spam, malicious payloads etc.) that will also be detailed throughout the present paper.

Today, there are constantly new threats uncovered in relation to short URLs and new security risks identified for users. Yet, with all the focus on the risks in utilizing short URLs, no study approached the assessment of user confidence and user awareness regarding short URLs that in turn can prove effective in any cybercrime prevention policy or strategy.

The aim of this paper is to compile a baseline assessment on the user confidence and user awareness when utilizing short URLs following years of implementation of these services. This assessment may prove useful in developing user awareness products in relation to short URLs or cybercrime risks prevention material.

The rest of this paper is organized as follows: Section II shows the related work of this research area. We present risks of using shortened URLs in Section III. We describe our adopted approach to evaluate the users’ perspective on Security Threats of URL Shortening in Section IV. We show our experiments and analysis in Section V. Finally, we conclude and discuss future work in Section VI.

II. RELATED WORK

The topic of short URLs has been debated over a number of years as the security risks associated with their use pose significant concerns to users. Therefore the studies undertaken until present time have focused more on the risks implied by the use of short URLs rather than user confidence or user awareness regarding these shortened links.

In a joint study [3] presented during the Proceedings of the 2013 International World Wide Web Conference (WWW) by researchers from the Polytechnic University of Milan, Italy and the University of California, Santa Barbara, US, the risks of using short URLs were evaluated.

The study analyzed the measures taken by URL shortening services in preventing malicious links being shortened, focusing on spam, phishing and malware. The study also included an overview of the risks associated with the use of shortened URLs.

The research was based on the submission to URL shortening services of a specific number of URLs which
delivered exploits targeted at vulnerabilities in web browsers as well as browser plug-ins, URLs associated with phishing and URLs observed in spam e-mails with the purpose of determining whether URL shortening services block one or more classes of threats. According to the researchers, the results appeared to be consistent across the URL shortening services meaning that the services had implemented measures to detect malicious URLs such as blacklisting malicious domains from URL shortening and more real time monitoring of what URLs get shortened.

Although in some cases the shortening of malicious URLs was possible without restrictions, most of the URLs were flagged subsequently as malicious.

A study [4] compiled in May 2011 by researchers from the University of Aachen, Germany further detailed the security and privacy implications of URL shortening services. The study included an analysis of the security and privacy risks caused by the use of URL shortening services, an analysis regarding the malicious behavior, user tracking as well as leakage of URLs to search engines of the most popular URL shortening services used on Twitter and an analysis of the spam detection performance for the most popular URL shortening services. The study also included a new attack scenario to enable SSL-only circumvention using SSLStrip and shortened URLs. Following the research, the results yielded that none of the most popular URL shortening services at the time displayed any malicious behavior. However many of the shortening services were well-prepared for user tracking. Another outcome of the research was that by enumerating shortening services a significant amount of sensitive or private information could be found and that several shortening services leaked submitted URLs to search engines.

Another study compiled in March 2011 by researchers [5] from the Foundation for Research and Technology — Hellas, Greece provided a characterization on the usage of short URLs. The research was aimed at examining the content to which short URLs point to, how they were published, their popularity and activity over time as well as their potential impact on the performance of the web. Authors used in their study two sources of short URLs: collected from a large scale crawl of shortening services and collected by crawling Twitter messages. The outcome of the study was highlighted in several observations:
1) short URLs appear mostly in ephemeral media with profound effects on their popularity, lifetime and access patterns;
2) a small number of short URLs have a very large number of hits while the majority of short URLs have very limited accesses;
3) short URLs become popular very fast which implies spikes in accessing of the links and corresponding traffic surges;
4) the most popular websites to which short URLs point to change slowly over time;
5) URL shortening services are extremely effective in space gaining, in more than 90% of the cases, the resulting short URL reduced the amount of bytes needed for the URL by 95%; however the imposed redirection of URL shortening services increased the web page access times by an additional 54%.

All the above studies introduce the risks associated with using short URLs and they assess the existing URL shortening services in terms of security of browsing on the Internet, measures taken by the administrators of URL shortening services, their popularity or existence over time. These studies have been presented since they are representative for the approach to focus on studies related to the risks of using short URLs.

However there is no individual study on the assessment of user confidence or user awareness associated with utilizing short URLs. Therefore, in our research, we aim to cover the gap on the user experience in relation to short URLs and to compile a baseline assessment on the frequency of use, user confidence and user awareness when utilizing short URLs. In this paper, we also include an overview on the risks associated to short URLs, which is instrumental in assessing the user experience in relation to short URLs.

III. RISKS OF USING SHORTENED URLS

URL shortening services are popular when it comes down to shortening long URLs that have the possibility to break or are simply too long to be inserted in e-mails, posts on Social Networking websites or blogs. However the disadvantage is that with these URL shortening services you are no longer able to see directly where your browser will be pointed. Shortened URLs could lead to the following security risks:
1) sites which host malware, trojans and other malicious programs;
2) sites which could exploit security risks in a browser or system;
3) sites which contain phishing attempts and try to steal personal information;
4) sites which contain phishing attempts by social interaction;
5) sites which are being used in spam campaigns.

We discuss these risks in more detail in the following sub-sections.

A. Spam

Spamming has become increasingly the most lucrative activity for hackers. URL shortening services are notorious [6] for being used by spammers in an attempt to avoid having their mail blocked by pointing at their own domains. They hope that by using a well-known, widely used, and free service that they will be able to avoid having their content filtered.

In a report [7] issued in May 2011 by Message Labs, evidence turned out that spammers established their own URL shortening services.

According to an article [8] from the examiner.com, following a spike in spamming by using the Google proprietary URL shortening service goo.gl, Facebook has started blocking the shortened URLs.

B. Malware

Previously malware associated domain names were easier to identify. The malware associated URLs tend to make less sense as it is difficult to obtain a domain name which looks similar to a legitimate site. Yet, with URL shortening services
you are using a well-known and "safe" domain. The possibilities are limited for most services to allow users to see the destination URL that a shortened URL points to.

For Facebook and Twitter, URL shortening services are common and users don't have second thoughts usually in accessing them. E-mail has become a less reliable means for phishing because of the anti-spam services involved. With URL shortening, it becomes easier because it "looks legitimate". It's a little more than an accepted form of obfuscation.

An example of URL shortening abuse was presented on the MX Lab Blog [9].

C. Phishing

According to the Global Phishing Survey [10] of semester two 2013, phishers continue to use “URL shortening” services to obfuscate phishing URLs. Users of those services can obtain a very short URL to put in their limited space posts, which automatically redirects the visitor to a much longer “hidden” URL. In the last Global Phishing Survey report, such use plummeted to only 270 attacks in the first semester of 2013, sharply down from 785 in the second semester of 2012. Unfortunately, the phishers have come back to using this technique again, with 999 such phishing attacks detected in the second semester of 2013.

IV. ADOPTED APPROACH

In order to evaluate the user perspective in relation to short URLs, a survey was conducted aimed at creating a baseline assessment of the most frequent use of shortened URLs, user confidence and user awareness on the risks associated.

The Survey Questionnaire was conceived based on the "intelligence led policing" approach, in the sense that in order to take appropriate prevention actions, you should profile the users and conceive prevention products on shortened URLs which are addressed to a specific type of user or a specific type of user activity (i.e. social networking site, e-mails etc.). The Questionnaire is structured in two sections: general questions and specific questions.

A. General Questions

The general questions are aimed at defining the profile of the subject who is taking the survey. In order to achieve this, two questions were devised; one connected to the amount of time the user spends on the Internet and the second on the area of interest while browsing.

The first question focuses on the time spent online since this can be an indicator as to the frequent use of multiple Internet services and the probability of using a URL shortening service.

The second question is aimed at identifying the frequent area of interest of the subjects who are taking part in the survey so that appropriate measures can be devised later in relation to cybercrime prevention material.

B. Specific Questions

The second part of the Questionnaire is composed of three groups of questions that address three main issues: (i) the frequency of use of URL Shortening Services; (ii) user confidence as well as (iii) user awareness on the risks that one is exposed to when accessing a Shortened URL. Details of these questions are described below.

The first group is intended to provide an understanding on how often and in relation to which Internet services (i.e. web browsing, social networking sites etc.) the subjects of the Survey make use of short URLs. The Internet services mentioned in the Questionnaire were added based on a previous paper [4] released in May 2011 referring to security implications of URL shortening services.

The second group approaches the user confidence in utilizing short URLs. One question attempts to identify the typology of URL shortening services a person is more at ease with using, either well known services or a specific shortening service. Another question is aimed at determining the subject's perception of the safety when using a short URL. Associated to this is one more question that inquires the subject as to how he or she perceives the measures taken by URL shortening services in order to protect users from Internet security risks (i.e. malware, spam etc.). The final question in relation to user confidence is a composite question made up of three different indicators with reference to a short URL, respectively stability, lifetime and popularity. The measurement of the indicators gives out an overall perception as to certain characteristics of short URLs which make them a better option of choice for Internet users.

The third group makes up the final part of the Questionnaire that addresses the subject's perception on the risks he or she is exposed to when utilizing short URLs. This group begins with a general assessment on the level of risk perceived by the subject of the Survey in relation to the use of short URLs. One question in this group touches upon the most frequent security risks associated with the use of short URLs (i.e. malware, phishing, spam) identified in previous papers as well as articles and it tries to determine the level of acknowledgement on the risks from the side of the survey subject. Another question goes one step further and puts into discussion the issue of specific software products installed on the subject's machine in order to avoid security risks when using short URLs. There are two questions that aim at creating a minimum level of awareness on the risk potential of short URLs through the examples of phishing and malware:
1) First question refers to an observation [10] included in the Global Phishing Survey of semester 2 of 2013 mentioning that approximately 51% of all of the malicious shortened URLs used for phishing were found at a single provider (i.e. tinyURL.com).
2) Second question refers to a situation from 2009 when the URL shortening service Cligs was hacked [11]. Yet, the hacking of the Cligs URL shortening service has puzzled security researchers. Instead of pointing to a spamming related site, the redirect was executed towards a harmless Register site. One of the theories explaining the strange redirect which was advanced by a senior technology consultant for SophosLabs was that the hacker rerouted users to the Orange County Register site by mistake. At the time of the hack, Cligs was ranked as number four most popular URL shortening service used on Twitter. Despite the inconvenience and possible loss of tens of thousands of URLs, security experts had said that the attack could have been much worse as the hackers could
have redirected millions of shortened URLs to a website hosting malware.

The final question in the third group addresses the important issue of protection measures that can be taken by users in order to avoid malicious security threats associated with short URLs. To this end, this question inquires about the suitability of a list of protection options which can be easily put into practice by users with basic IT skills, such as:
1) installing a Site Advisor software [12]
2) installing an Add-on in the web browser which allows the user to view the long URL instead of the shortened URL of websites;
3) previewing the web sites where short URLs redirect with specialized web services before accessing them.

Although the Questionnaire is conceived as one which should be accessible to Internet users with all levels of technical skills, for specific questions there is also an additional option mentioned in certain questions which is a free text option (i.e. “other, please specify...”) which is aimed at more advanced Internet users who can give a more thorough description of their experience when using short URLs.

V. EVALUATION AND ANALYSIS

A. Experiments

The Survey was applied on a number of 100 people in the age range 28 - 50. The nationality of the subjects was broadly distributed among the 28 European Union Member States.

The Questionnaire was distributed in electronic format over a period of 5 days.

As mentioned above, the Questionnaire was divided into a general questions section with a view of determining the subjects' preferences and Internet usage patterns as well as a specific questions section in order to address.

Following the distribution of the Questionnaire and the receipt of the filled in documents, the results were analyzed based on the initial three goals of the survey:
1) frequency of use;
2) user confidence;
3) user awareness;
when utilizing short URLs on the Internet.

Although all 100 people (so-called subjects) returned the filled in Questionnaire in electronic format, a number of 9 participants to the survey mentioned that they never use short URLs and therefore did not continue with filling in the Questionnaire. Hence, these 9 subjects only provided feedback on the first 3 questions of the survey.

Therefore a number of 91 subjects responded to all of the questions included in the survey, answers which will be analyzed in the following sections.

B. General Questions

Based on the answers to general questions by the participants to the Questionnaire, the following conclusions were made available on the subjects of the Survey.

The majority of the subjects 34% spend 1 - 2 hours daily on the Internet followed by 33% who spend 2 - 4 hours on the Internet. These figures provide an indication that the survey subjects are likely to provide an objective overview on the use of short URLs since they spend more time on the Web.

The second question addressed the issue of the frequent areas of interest on the Internet. The first 3 choices were made up of 34% of the respondents who provided feedback that they are interested in checking their e-mail accounts, 28% of the subjects who mentioned they are interested in news sites and 25% of the subjects who mentioned they have an interest in social networking sites (Fig. 1).

Fig. 1. Proportion of areas of interest on the internet.

Therefore any prevention material on the topic of short URLs should be addressed to these 3 categories of services.

C. Frequency of Use of Shortened URLs

When asked how often they use short URLs, out of the 100 survey participants, 55 responded that they rarely use these types of URLs, 21 responded that they use them every day, 15 provided feedback that they use them once every couple of days and 9 persons replied that they never use short URLs.

Fig. 2. Proportion of services where short URLs are used on the internet.

Out of the 91 persons who replied they use short URLs, the largest proportion 51% use them on Social Networking Sites followed closely by 32% of the subjects who use them while accessing various websites. This tendency is in line with the main aim of short URLs which was to counter restrictions imposed by Social Networking sites however it reveals an interesting development in the use of short URLs on other web pages and e-mails. Specifically this shows that the proportion of use of short URLs is propagating to other services on the Internet which means a higher coverage by short URLs and increased risks for users (Fig. 2).

In an attempt to identify the Social Networking Site where short URLs are more frequently utilized, 48% of the subjects use short URLs on Facebook (Fig. 3).
This proportion reflects on the one side the expansion of the social networking platform Facebook; however on the other side is a signal of the popularity of the short URLs which have begun to be adopted equally by other platforms.

Fig. 3. Proportion of social networking sites where short URLs are used.

D. User Confidence in Accessing Short URLs

In terms of user confidence when it comes to shortening services providers, the participants were quite straightforward.

When asked which sort of URLs they are more confident in using, 70% of the Survey participants answered that they feel more confident in using URLs from well-known shortening services (i.e. goo.gl, bit.ly, t.co, ow.ly, tinyurl.com) and the rest of the subjects mentioned that it doesn't matter which URL shortening service the link refers to.

This could be an indication for the URL shortening services with the highest number of accessed links to step up their measures in providing safe URLs for their users.

An important observation as to user perception of safety when utilizing short URLs can be seen in the replies to question related to the ranking of using short URLs. None of the subjects ranked the safety as very good. Out of the 91 subjects who use short URLs, the majority of the respondents - 42 - pointed out that the safety can be ranked as moderate followed by 33 subjects who ranked it as poor (Fig. 4). This shows a certain user awareness as to the risks which can occur when utilizing short URLs.

The following question addresses people's perception on the measures taken by URL shortening services to deliver risk-free short URLs. Approximately 57% of the survey participants rated the measures as moderate and approximately 30% considered the measures as poor.

Fig. 4. Ranking of safety in relation to utilizing short URLs by users.

As mentioned above, one of the questions inquires user opinions on three characteristics of short URLs specifically stability, lifetime and popularity, which are indirectly related to user confidence. Although when asked how they would rate the stability and lifetime of short URLs, the majority of participants to the Survey rated them as moderate, in terms of popularity of short URLs most users rated them as good - 46% and 18% rated them as very good (Fig. 5).

Fig. 5. Rating of stability, lifetime and popularity of short URLs.

From the assessments of the three characteristics and corresponding charts, we can draw the conclusion that users are not currently very concerned about the stability and lifetime of short URLs; however they do agree that these types of URLs are popular. This aspect would leave room for significant improvement in future awareness papers on short URLs to focus on the issue of stability (i.e. broken links etc.) as well as lifetime (i.e. availability of the short URL).

E. User Awareness When Using Short URLs

As mentioned in the previous chapter of the paper, the final part of the Questionnaire addresses the issue of user awareness on the risks that one is exposed to when accessing a Shortened URL.

Based on the replies of the subjects, out of the 91 users of short URLs, 45 of the respondents (approximately 49%) considered the risk moderate, however an important number of participants — 30 (approximately 33%) found the risks as high and 8% considered the risk as very high (Fig. 6).

Going into detail on the risks associated with short URLs, the subjects of the Survey were asked to identify the potential threats linked to the use of short URLs.

Fig. 6. Rating of risks perceived in relation to the use of short URLs.

The majority of the respondents pointed out that phishing
attacks would be more frequent with 38% of the respondents indicating them as the prevalent threat, followed by spam in proportion of 34% and malware attacks with 27% (Fig. 7).

Fig. 7. Proportion of possible threats linked to short URLs.

Although the survey participants have identified in the previous question several key threats to IT security when accessing short URLs, the majority of subjects — 74% still believe that their Antivirus software is sufficient to counter any risks associated with the use of short URLs. The remaining 26% of the respondents provided solutions such as the use of virtual machines, Norton Safe Web software [13], McAfee Site Advisor [12], Bitdefender TrafficLight [14], Quttera URL Scanner [15]. The other questions in this group are inter-related in the sense of presenting situations to the participants to the survey, which are representative for abusing URL shortening services.

The situations refer to:
1) An observation included in the Global Phishing Survey of semester 2 of 2013 mentioning that approximately 51% of all of the malicious shortened URLs used for phishing were found at a single provider (i.e. tinyURL.com);
2) The account that in 2009 a URL shortening service (i.e. Cligs) was hacked which led to 2 billion shortened URLs re-directed to a single web page.

The conclusion is that an overwhelming majority of users, 90% in the first situation and 84% in the second situation, are not aware of concrete cases involving abuses of URL shortening services.

Although knowledge of these situations is not a pre-requisite for all Internet users, such concrete examples of short URL abuse should be included in any material aimed at the general public reflecting the risks of short URLs.

The final question of the survey attempts to establish the preferred modalities of users to protect themselves from the risks associated to short URLs.

The majority of the participants to the survey — 46% mentioned they would be more comfortable in installing a Site Advisor software, probably because this is the most practical solution as aside from installation it does not require additional measures to be taken by the user.

The following option according to the respondents to the survey — 31% would be installing an Add-on in their browser to allow the user to visualize the complete URL when "surfing" the Internet, yet this solution is not very widely accepted since it can be limited to a specific Internet browser.

The third option chosen by the subjects — 18% was previewing the web sites where shortened URLs redirect with specialized web services before accessing them (Fig. 8).

Fig. 8. Proportion of protection measures considered suitable by users in order to avoid security threats.

Given the answers provided, we can draw the conclusion that users prefer to have a solution which integrates all security protection measures from short URLs in one piece of software which is compatible with a variety of Internet browsers.

F. Further Analysis

The Questionnaire on the use of URL shortening services provides a baseline assessment as to how Internet users currently interact with shortened URLs and what is their perception on the frequency of use, user confidence and user awareness when utilizing short URLs.

In terms of frequency of utilizing short URLs, these types of URLs are apparently rarely used while browsing the Internet. However there is an important development noticed in the areas where the short URLs are used, specifically that although the main aim of short URLs was to counter restrictions imposed by Social Networking sites, the use of short URLs is propagating to other services on the Internet (i.e. normal web-pages and e-mails) which means a higher coverage by short URLs and increased risks for users.

In terms of user confidence, the Questionnaire proves that there is a general awareness by the users that accessing short URLs is not perceived as a completely safe action when browsing the Internet. Users apparently feel more confident in using URLs from well-known shortening services (i.e. goo.gl, bit.ly, t.co, ow.ly, tinyurl.com). This could be an indication for the URL shortening services with the highest number of accessed links to step up their measures in providing safe URLs for their users.

In addition, users are not currently very concerned about the stability and lifetime of short URLs, however they do agree that these types of URLs are popular. This aspect would leave room for significant improvement in future awareness papers on short URLs to focus on the issue of stability (i.e. broken links etc.) as well as lifetime (i.e. availability of the short URL).

In terms of user awareness, the survey reveals that the majority of users still perceive the risks posed by short URLs as moderate followed closely by another category of users who perceive the risks as high. Although the Survey participants have identified several key threats to IT security (i.e. phishing, spam, malware) when accessing short URLs,
Journal of Advances in Computer Networks, Vol. 3, No. 3, September 2015

the majority of subjects (74%) still believe that their Antivirus software is sufficient to counter any risks associated with the use of short URLs. There is however a small proportion of users who are taking a proactive approach in avoiding risks of short URLs by installing different software applications such as Norton Safe Web software, McAfee Site Advisor, Bitdefender TrafficLight, Quttera URL Scanner or an Antivirus software with Total Security (including web surfing, site advisor).

As observed from analyzing the answers to the Questionnaire, an overwhelming majority of users are not aware of concrete cases involving abuses of URL shortening services. Although knowledge of these situations is not a pre-requisite for all Internet users, such concrete examples of short URL abuse should be included in any material aimed at the general public reflecting the risks of short URLs. Another observation based on the user awareness section of the Questionnaire is that when it comes to the preferred modalities of users to protect themselves from the risks associated to short URLs, most of them are inclined to adopt a solution which integrates all security protection measures from short URLs in one piece of software which is compatible with a variety of Internet browsers (e.g. a Site Advisor software).

In addition, based on the General questions section of the Survey we can draw the conclusion that, contrary to the current tendency for awareness material on the risks of using short URLs to be published on IT security sites, such prevention material would yield better results if published on the platforms of e-mail clients, news services and social networking sites, as these are the common areas of interest of users on the Internet. Based on the feedback received from the participants to the Survey, an observation can be made that the Questionnaire can prove to be a valuable tool for compiling prevention material aimed at users of short URLs.

VI. CONCLUSION AND FUTURE WORK

As a final conclusion it can be pointed out that there is a general awareness that the use of short URLs is associated with security risks while browsing the Internet. Furthermore, there is a small category of users who are taking additional measures to protect themselves against risks of short URLs. However, the lack of user awareness on concrete threats (i.e. actual cases of short URL abuse) as well as the lack of a strategy in disseminating prevention material on platforms which are frequently used (i.e. e-mail clients, news services, social networking sites) can cause substantial problems in the future, especially with the expansion of short URLs to other Internet services and platforms.

More surveys are being carried out. We are moreover analyzing and extracting knowledge related to the users’ perspective on using short URLs and handling this knowledge with our knowledge map [16], [17].

ACKNOWLEDGMENT

This research is conducted by one of the MSc FCCI students; for any comment or feedback please contact [email protected] or [email protected].

REFERENCES

[1] URL shortening. [Online]. Available: http://en.wikipedia.org/wiki/URL_shortening
[2] A. Neumann, “Analyzing security implications of URL shortening services,” Diploma Thesis, RWTH Aachen University, 2011.
[3] F. Maggi, A. Frossi, S. Zanero, G. Stringhini, B. Stone-Gross, C. Kruegel, and G. Vigna, “Two years of short URLs internet measurement: Security threats and countermeasures,” presented at the Intl. World Wide Web Conference (WWW), Rio de Janeiro, 2013.
[4] A. Neumann, J. Barnickel, and U. Meyer, “Security and privacy implications of URL shortening services,” presented at the Web 2.0 Security and Privacy 2011 Conference, Oakland, USA, May 2011.
[5] D. Antoniades, E. Athanasopoulos, I. Polakis, S. Ioannidis, T. Karagiannis, G. Kontaxis, and E. P. Markatos, “Web: The web of short URLs,” presented at the 2011 Intl. World Wide Web Conference (WWW), Hyderabad, India, March 2011.
[6] AI. Iversion. (March 2011). Spamhaus and URL shortening services. Spam Resource. [Online]. Available: http://www.spamresource.com/2011/03/spamhaus-url-shortening-services.html
[7] MX Lab. (January 2011). Increase in usage of URL shorteners in spam campaigns. [Online]. Available: http://blog.mxlab.eu/2011/01/04
[8] D. Lauretti, “Facebook is blocking links from Google's URL shortening service,” Examiner, March 2013.
[9] MX Lab. (July 2009). Shortened URLs: The real dangers behind and how to avoid troubles. [Online]. Available: http://blog.mxlab.eu/2009/07/17/
[10] G. Aaron, R. Rasmussen, and A. Routt, “Global phishing survey: Trends and domain name use in 2H2013,” APWG Industry Advisor, MA, USA, April 2014.
[11] S. Hoffman, “Cligs URL shortening service hacked, users redirected,” CRN Technology News for Solution Providers and the IT Channel, p. 1, June 2009.
[12] M. Rajab, L. Ballard, N. Lutz, P. Mavrommatis, and N. Provos, “CAMP: Content-agnostic malware protection,” presented at the 20th Annual Network & Distributed System Security Symposium, CA, USA, February 24, 2013.
[13] M. Merritt, Family Online Safety Guide, 4th ed. Norton Symantec Press, December 2012.
[14] C. A. Consoi, “Dealing with image spam,” Virus Bulletin, pp. 1-3, December 2006.
[15] R. Fry, “Malware defense and automation: Fully integrated defense operation,” presented at the RSA Conference, February 24-27, 2014.
[16] N-A. Le-Khac, L. M. Aouad, and M. T. Kechadi, “Knowledge map: Toward a new approach supporting the knowledge management in distributed data mining,” presented at the 3rd International Conference on Autonomic and Autonomous Systems, Athens, Greece, 2007.
[17] N. A. Le-Khac, M. T. Kechadi, and J. Carthy, “ADMIRE framework: Distributed data mining on data grid platforms,” presented at the International Conference on Software and Data Technologies, Setubal, Portugal, September 11-14, 2006.

Nhien-An Le-Khac is a lecturer at the School of Computer Science & Informatics (CSI), University College Dublin, Ireland. He obtained his Ph.D. degree in computer science in 2005 from the Institute National Polytechnique Grenoble (INPG), France. His research interest spans the area of data mining/distributed data mining for security, fraud and criminal detection, cloud security and privacy, grid and high performance computing.

M. Tahar Kechadi received his PhD degree in computer science from University of Lille I, France. He was appointed as a lecturer at the Computer Science Department of Lille University. He joined UCD in 1999 as a permanent staff member of the School of Computer Science & Informatics (CSI). He is currently a professor of computer science at CSI, UCD. His research interests span the areas of distributed data mining, healthcare data analytics, grid and cloud computing, and digital forensics and cyber-crime investigations. Prof. Kechadi has published over 265 research articles in refereed journals and conferences. He serves on the scientific committees for a number of international conferences. He is the editor-in-chief of Journal of Computer Science of Science Publications. He is also an associate editor of the Journal of Future Generation of Computer Systems.
