The fact that cyber crooks often misuse URL shortening services in order to trick users into following dangerous links is not news, but Symantec researchers have lately spotted a considerable increase in malicious links shortened with the 1.USA.gov service.
The result of a collaboration between USA.gov and bitly.com, the service is automatically employed whenever anyone uses bitly to shorten a URL that ends in .gov or .mil.
In the latest spam campaigns, the offered shortened 1.USA.gov links lead to a .vermont.gov site, which then thanks to a open-redirect vulnerability is made to forward the visitors to a scammy work-from-home website that spoofs a legitimate financial news network website:
“To add legitimacy to the website, spammers have designed it so that other links, such as the menu bar at the top and other news articles, actually lead to the financial news website that it is spoofing. However, the links in the article all lead to a different website where the spammer tries to make the sale,” the researchers warn.
The campaign seems rather successful, as the shortened URLs have been followed by over 43,000 users in seven days – the majority of which are (not surprisingly) users located in the United States.
The shortened 1.USA.gov links lend an aura of legitimacy to the offered links, as the users are more inclined to trust them that random ones. The other problem is that too many .gov sites can be compromised to serve as redirectors to other malicious sites.