3

In the modern world, people often send URLs using URL shorteners from various web services. Mostly we use URL shorteners to shorten the URL.

But in terms of exploits and phishing attempts, how could we avoid them? If it's a regular URL, we could/might guess some part of the URL and ensure the confidentiality of the URL, and might click on it.

What would be the approach to handling short links which carry hidden exploits?

BlueBerry - Vignesh4303
  • 5,107
  • 13
  • 34
  • 63

3 Answers

2

To mitigate drive-by exploit attacks:

  1. Disable plugins or set them to click-to-run
  2. Disable JS for unknown sites
  3. Use a sandbox/VM
  4. Use exploit mitigation software such as MBAE, EMET or Palo Alto Traps
  5. Use a traffic analysis tool
  6. Block advertisements (optional)

To mitigate phishing attacks:

  1. Check site URL matches what you expect
  2. Check for an undeprecated TLS version
  3. Check certificate matches what you expect
  4. Check cipher suite is secure
  5. Use your common sense before entering information

You can also use a browser extension to pause loading before a redirect, so you know where the redirect leads.

timuzhti
  • 956
  • 12
  • 19
1

Several services exist to reverse a shortened URL. Essentially it just forces the service to visit the short URL and report back with the page it lands on.

Facebook and Twitter have bots for doing this. Every time you enter a link into Facebook chat or add a link to a status, a Facebook bot will crawl that site and figure out what's going on. If the site happens to be a known malicious site, Facebook will reject the post/message.

Right now, I guess the best thing to do is use those services or do it manually in a virtual machine and note the steps taken using Wireshark & Fiddler. At least that way, you can draw a timeline of sites visited (if several redirects are involved), scripts used (Fiddler picks up all .php and .js scripts as well as Flash files and more) and go from there.

Sevaara
  • 181
  • 2
  • 8
1

Short answer: you can't know where a short URL brings you to until you have clicked on it. And, as an additional danger, you can't even be sure whether the URL shortening service also performs other side-effect activities, as shown in this proof-of-concept which uses this feature to accomplish a DDoS.

There's even a URL shortening service that, for fun, will transform any link to a suspicious-looking one.

The only way to be sure is to click only on non-shortened URLs i.e. where the domain name is clearly visible.

dr_
  • 5,060
  • 4
  • 19
  • 30