Further to our previous blog about the use of TinyURL to obscure malicious links, a family member drew my attention to a problem she was having with the TinyURL site. Every time she tried to access a TinyURL link, she got a page advertising security products. (She was using their free firewall.) It turned out, though, that this wasn't an ugly (and probably illegal) advertising ploy by the vendor.

Since the person was a (close) family member, the first thing I did was to replace her firewall (and a free antivirus product also being used) with our own security suite. But the problem didn't vanish. However, it now became clear that it wasn't the firewall that had caused the issue, but the antispyware toolbar that is, by default, installed at the same time. It was blocking access to the TinyURL site because TinyURLs are used to conceal malicious sites and downloads.

You might think  that a little draconian, since lots of perfectly innocent, useful and even essential URLs are sent as TinyURLs, but I can see their point. The toolbar did offer a clickthrough option, but trying to use it just resulted in a connection time-out. Unfortunately, I couldn't find a way to make an exception for the TinyURL, although there apparently is one in the full product.

So why am I telling you this?

  1. If you happen to represent a free firewall product that has this particular feature, especially one that begins with a Z, you might want to suggest to your developers that before you send people off to a web site to upgrade it, it might be polite to tell them what the problem is. Or make it easier to change from the default. You might even want to consider whether the mass blocking of a site so many people use is good marketing, as well as attacking the symptom rather than the disease.
  2. TinyURL does represent a problem, though it's not a problem of TinyURL's making. The use of shortened URLs has rocketed in recent years, not least because of their usefulness to Twitter users. It's worth making the point that you can configure TinyURL (and some sites that offer similar services) to preview the real target and allowing the user to bale out if the full URL looks suspicious. For people who send out URLs this way, you might want to consider the fact that you can actually specify previewing when you create a TinyURL.

David Harley
Director of Malware Intelligence