Shortened URLs included in garden-variety emails and tweets are harder for antivirus and antispam applications to weed out, giving hackers another lucrative avenue to spread spam quickly and with much greater efficiency.

That’s the word from security software vendor Symantec (NASDAQ: SYMC), which dedicated most of its July MessageLabs Intelligence report to the pesky shortened URLs that are pretty much a prerequisite for quickly sharing links to stories, tweets and images on Twitter and other microblogging services.

Symantec’s report found that shortened-hyperlink spam hit a one-day peak of 18 percent of all spam emails on April 30, a total of more than 23.4 billion messages in one 24-hour period.

More troubling, Symantec security experts said, is the recent trend showing that shortened, spam-laden URLs are becoming as much a fabric of the spam culture as come-ons from Nigerian royalty and shady pharmaceutical dispensaries.

In the second quarter of last year, Symantec found that there was one day out of the three-month span during which shortened hyperlinks appeared in more than 1 in 200 spam messages. This year, however, there were 43 days when shortened URLs with spam accounted for 0.5 percent of all spam traffic and 10 days when the total surged to more than 5 percent of all spam messages.

“As far as spammers are concerned, any tactics that make it harder to block their spam emails are going to be exploited,” Paul Wood, a senior analyst at Symantec’s MessageLabs, said in the report.

“When spammers include a shortened URL in spam messages, these shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional antispam filters to identify the messages as spam based on the reputation of the domains found in the spam emails,” he added.

This alarming influx of shortened URLs containing spam and malware was to be expected, security experts say, as more and more people embrace Twitter, its messages’ 140-character limit and the short URLs they often necessitate. And now that these shortened URLs with legitimate-looking domains are now being disseminated by botnets, the spammers are increasing their infection rate and generating lots of ill-gotten revenue.

Symantec’s surveillance revealed that the infamous Storm botnet, which reemerged in May, is the main source of malicious shortened URLs, accounting for some 11.8 percent of spam in the category.

“While botnets are often the source of short URL spam, 28 percent of this type of spam originated from sources not linked to a known botnet, such as unidentified spam-sending botnets or non-botnet sources, such as webmail accounts created using CAPTCHA-breaking tools,” Wood added.

The report discovered that that on average, one website visit is generated for every 74,000 spam emails containing a shortened URL link and the most frequently visited shortened links from spam received more than 63,000 website visits.

A decade after the Love Bug virus attacked millions of computers worldwide and put the Philippines in the IT world map in a negative way, computer security experts have noticed that today’s computer attacks are more malicious than the original computer security threat.

In its April 2010 security report, Symantec said it has detected 36,208 unique strains of malware that were designed to carry out targeted attacks.

MessageLabs, which was acquired by Symantec later, was the first one to raise the alert on the Love Bug virus, which was designed to overwrite and destroy data. The virus came in the form of a message attachment when, once opened, sent itself to the addresses of the email recipient and spread on from there.

Ten years since Symantec Hosted Services, then MessageLabs, intercepted 13,000 copies of the virus in a single day on 4 May 2000, MessageLabs Intelligence said it now stops 1.5 million copies of malicious e-mails each day.

“Although mass mailing viruses like the Love Bug are rare today, cyber criminals’ techniques have evolved to more malicious, highly targeted attacks and they are motivated less by achievement and credibility than by financial gain and identity theft,” Symantec said in a statement. “On 4 May, 2000, 1 in 28 e-mails contained the Love Bug virus. By comparison, 1 in 287.2 e-mails contained a virus on 9 April 2010, the peak for April. In April 2010 overall, MessageLabs Intelligence intercepted 36,208 unique strains of malware.”

“The Love Bug was operating in the wake of the Melissa virus, a similarly destructive worm from the previous year,” said MessageLabs Intelligence senior analyst Paul Wood. “Back then, users were less savvy, regarding the dangers posed by suspicious e-mail attachments and e-mails from unknown senders. The general public was also less aware of issues such as spam and denial of service attacks.”

Bot Attacks

The April 2010 MessageLabs Intelligence Report also revealed that Rustock has surpassed Cutwail as the biggest botnet both in terms of the amount of spam it sends and the amount of active bots under its control.

The report noted that Rustock has reduced the output of individual bots by 65 per cent but increased the number of active bots by 300 per cent, thus, making up for the decreased output. Meanwhile, Cutwail has reduced in size to 600,000 bots from two million bots in May 2009 and is now responsible for only four per cent of all spam. “Rustock remains the largest spam-sending botnet responsible for 32.8 per cent of all spam,” the report read.

“Affected by the closure of ISP Real Host in August 2009, Cutwail likely lost the ability to update some of its bots causing its numbers to diminish greatly without the ability to recover,” said Wood. “As a result, Rustock has taken over significant volumes from spammers by undercutting the market with greater capacity and lower operational costs.”

Spam

Worldwide, the spam rate this month was pegged at 89.9 per cent, a drop of 0.8 per cent from the previous month. In the region, Malaysia and Singapore also saw a drop in the spam rate to 87.7 per cent, and 87.6 per cent respectively, the report added.

“Spam is more commonly sent from computers running Windows than from those running other operating systems,” Wood said. “However, spam not identified as coming from botnets was seen in lower proportions coming from Windows machines than from known botnets.”

A smiley-faced instant message with a photo link posing as if it’s from someone on your buddy list is actually spreading misery worldwide in the form of a worm on Yahoo Instant Messenger: The IM ultimately delivers a worm that allows an attacker to take over the victim’s machine, not to mention spread itself among the victim’s contact list.

Researchers at BitDefender, BKIS, and Symantec today each separately warned Yahoo Messenger users about the worm attack, which is rapidly growing. Catalin Coisoi, senior malware and virus researcher for BitDefender, based in Romania, says his team has seen infection rates as high as 500 percent per hour in his home country since they first spotted it last week. “Today it started spreading like wildfire,” Coisoi says.

He says the socially engineered message appears to be capitalizing on the May 1 national holiday in Romania. “People expect to see pictures [from their friends and colleagues] after a national holiday,” he says. But he also expects the worm to make inroads in the U.S. today and tomorrow, with potential victims coming off of a weekend.

The worm — known as Palevo by BitDefender, W32.Ymfocard.fam.Botnet by BKIS, and W32.Yimfoca by Symantec — is a new variant of an existing worm. In the Yahoo IM attack, it tricks the user into saving what appears to be a JPG or GIF file, but instead is a malicious executable.

BitDefender says the worm contains a backdoor, which lets an attacker take over the victim’s compromised machine, to install more malware, steal files, intercept passwords, and launch spam or other malware attacks on other systems. It’s also spreading the way the infamous Conficker worm has done, via network shares and removable USB drives using the Autorun feature. When an infected memory stick gets loaded into a machine with Autorun enabled or unprotected, the machine can automatically be infected with the worm.

“You can do anything you want with a backdoor — keylogging to search for passwords, or it could be a botnet,” Coisoi says. “It offers the attacker full system access.”

It also spreads via peer-to-peer sharing sites, such as Kazaa and LimeWire which are all too easy to pack these types of files in with movies files and software cracks.

The good news: Because it drops an .exe file, it requires the user to run it for it to go live. According to Symantec, once the worm is run, it adds itself to the Windows Firewall list, stops the Windows Update service, and configures itself such that it runs each time the system boots. The worm automatically sends itself to everyone on the victim’s contact list.

“The nature of this attack is nothing new, because some worms already used this way of attack,” BKIS researchers blogged. “However, it is always potentially dangerous to [unaware] users. Bad guys have integrated some phishing elements to trick [the] user into clicking the link and then opening the downloaded file.”

So basically, if someone sends you a link via an instant message out of the blue, it might be best to double check with them what exactly they are sending you, so you don’t fall victim to this new worm.

A third version of Downadup has been identified by Symantec, which says the new variant gives infected machines more powerful instructions to disable antivirus software and analysis tools, among other actions. W32.Downadup.C is a modular component for machines currently infected with Downadup. This variant of Downadup, also called Conficker, is not attempting to self-replicate and appears to behave more like a Trojan than a worm, says Vincent Weafer, vice president of Symantec Security Response.

“Think of it as an updated module that’s more aggressive, more robust in defending itself,” Weafer says.

The W32 Downadup.C variant was discovered Friday in a Symantec honeypot and is still under investigation. Symantec expects to identify additional capabilities shortly, says Weafer, who adds that Symantec has not yet seen W32.Downadup.C in customer networks directly. Earlier versions of Downadup did attempt to disable anti-virus software, but the third version represented in the Downadup.C module is designed mainly to provide more protective actions to infected Windows-based machines so they can better defend themselves from anti-virus software and other eradication methods.

“It’s more aggressive, it has more services,” says Weafer.

So this is just another good reason to keep your Windows computer up-to-date with all the latest updates and to have good anti-virus software running at all times. Also remember to just use some common sense when browsing the internet as thats where the majority of these types of infections come from (along with emails) because people don’t pay attention when they are browsing around different websites.

Lastly, if you are in need of some good anti-virus software but seem to be somewhat short on cash… you should probably check out these two awesome (and free) anti-virus programs: AVG Free & Avast Free!