In the latest report from MessageLabs [PDF] they have observed that a new evasion technique emerges, which works by incorporating a short legitimate URL, which in turn points to a short address system created by spammers. This eventually redirects to the target website, adding an extra layer to beat the filters.
To make sure, spammers have even started creating strings from these sites to make links harder and harder to analyze. They even start the registration of domains months before their use to obtain the analysis of the entire domain (since fake domains are usually very recent creation, while legitimate ones have been active for a longer time). Currently, most of these spammer pages create their own url shorteners have the .ru ending.
Complete content in original IDG source
