McAfee allows spammers to abuse their “secure” short URL service

I’m sure the folks at McAfee think I’m picking on them, but sometimes they just make it soooooo easy.

Until today, I did not know that McAfee had a URL-shortener service. If you go to you can see it for yourself:


The bad news? The reason I know McAfee has a new short-URL service is because an obnoxious spammer used that service to leave a comment on my ZDNet blog sending my readers to his scummy shopping site. (I’ve obscured the relevant part of the URL, so no one is tempted to give this guy any traffic.)


Sadly, a site visitor might see that prefix and assume the link is legitimate. That impression is reinforced if they go to the site and see this in the top left corner:


Even more sadly, I see no way to report this abuse to McAfee so that they can prevent their service from being exploited in this fashion. Perhaps that’s why the spammers have chosen to use it.

Update: I missed this tiny link in the upper right corner of the page:


I absolutely love the way "miscategorized" is misspelled. Oh, and that link? It leads to a forum thread that was last updated in June 2011. Awesome work, McAfee.

For a detailed discussion of why URL shorteners are a mixed blessing and a security risk, see this 2010 post:

Be careful what you click! The perils of URL shorteners

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s