The malicious web pages can be stored in data URIs - uniform resource identifiers, not to be confused with URLs - which stuff the web code into a handy string that when clicked on, instructs the browser to unpack the payload and present it as a page. When using service such as TinyURL, the URI can be reduced to a small URL perfect for passing around social networks, online chats and email.