It turns out I am not the only person suspicious of "URL shorteners" designed to make very long links into shorter, manageable ones.    On a service like Twitter, where communications are limited to 140 characters, shorteners are absolutely necessary and utilities like TweetDeck build them in for you automatically.

For people you know, shorteners are obviously fine, because there is an element of trust.   For strangers, though, I never click on shortened URLs because the URL can usually tell me something about the link.

URL shorteners can also do more than mask a URL you might not want to visit; they can be malicious on their own.   To prove it, University of Tulsa student Ben Schmidt created a program called d0z.me - "The Evil URL Shortener" - and on his spareclockcycles.org blog explains that when users click on a shortened URL created by d0z.me, iframe code opens with the shortened links and Javascript software “runs in the background, hammering the targeted server with a deluge of requests from these unsuspecting clients.”

Livescience has the full story.