Cligs URL shortener hacked to redirect 2.2 million links
Wednesday, June 17, 2009
Hackers managed to hijack some 2.2 million links posted through the URL shortening service Cligs, redirecting the links to a single page on freedomblogging.com, a website of the OC Register.
The hack occurred sometime early Monday morning, Cligs - the fourth-most popular URL shortening service - said on the company's blog. The hackers were able to exploit a security flaw in the company's URL editing software to change the web addresses of the links.
The company said late Tuesday that it is moving to a new platform and 97 percent of the affected URLs were backed up and restorable.
"I've identified the hole and disabled all cligs editing for now and I'm restoring the URLs back to their original destination states," the company blog said Tuesday.
Cligs also said the hackers were not able to hijack user accounts and passwords are encrypted on the site.
Although the hacker did not redirect the URLs to a malicious site, web security experts said the attack demonstrates how URL shorteners could be used by cybercriminals to direct users to malicious sites for phishing or to spread malware.
Trend Micro reported on its blog in February that hackers had used TinyURL - the largest of the services - to direct users via instant messages on Facebook, Google Chat and AOL Instant Messenger to a phishing website.
Related News:
Banks boost web security with new program - 3.15.2010
A new program designed by web security provider Trusteer allows banks to remotely access computers of its online banking users to investigate potential web and network security breaches.
Estonian cyber criminal jailed for targeting web security - 3.12.2010
The author of the Allaple malware strain that targeted local insurance firms and scores of other websites recently received a prison sentence of nearly three years. Arthur Boiko, a 44-year-old man from Estonia, pled not guilty to the charges, but a jury found him guilty after prosecutors claimed he sought revenge against the insurance company that denied his claim.
Small businesses need stronger web security - 3.11.2010
Cyber criminals have increased efforts to target the bank accounts of small businesses because they frequently do not have the web security measures in place that larger companies do, according to David Nelson of the Federal Deposit Insurance Corporation.
UK bankers struggle with online fraud - 3.11.2010
Online banking fraud cost bankers in the UK the equivalent of nearly $90 million in 2009, according business technology website Silicon.com.
Koobface changes as web security professionals prepare attack - 3.11.2010
As web security professionals attempt to take down Koobface, the cyber criminals that designed the malware strain have altered the virus to escape potential elimination, according the Register, a technology news website based in the UK.
|
