Cligs URL shortener hacked to redirect 2.2 million links
Wednesday, June 17, 2009
Hackers managed to hijack some 2.2 million links posted through the URL shortening service Cligs, redirecting the links to a single page on freedomblogging.com, a website of the OC Register.
The hack occurred sometime early Monday morning, Cligs - the fourth-most popular URL shortening service - said on the company's blog. The hackers were able to exploit a security flaw in the company's URL editing software to change the web addresses of the links.
The company said late Tuesday that it is moving to a new platform and 97 percent of the affected URLs were backed up and restorable.
"I've identified the hole and disabled all cligs editing for now and I'm restoring the URLs back to their original destination states," the company blog said Tuesday.
Cligs also said that the hackers were not able to hijack user accounts and that passwords are encrypted on the site.
Although the hackers did not redirect the URLs to a malicious site, web security experts said the attack demonstrates how URL shorteners could be used by cybercriminals to direct users to malicious sites for phishing or to spread malware.
Trend Micro reported on its blog in February that hackers had used TinyURL - the largest of the services - to direct users via instant messages on Facebook, Google Chat and AOL Instant Messenger to a phishing website.
