Web Security News

Cligs URL shortener hacked to redirect 2.2 million links

Wednesday, June 17, 2009

Hackers managed to hijack some 2.2 million links posted through the URL shortening service Cligs, redirecting the links to a single page on freedomblogging.com, a website of the OC Register.

The hack occurred sometime early Monday morning, Cligs - the fourth-most popular URL shortening service - said on the company's blog. The hackers were able to exploit a security flaw in the company's URL editing software to change the web addresses of the links.

The company said late Tuesday that it is moving to a new platform and that 97 percent of the affected URLs were backed up and restorable.

"I've identified the hole and disabled all cligs editing for now and I'm restoring the URLs back to their original destination states," the company blog said Tuesday.

Cligs also said the hackers were not able to hijack user accounts and that passwords are encrypted on the site.

Although the hacker did not redirect the URLs to a malicious site, web security experts said the attack demonstrates how URL shorteners could be used by cybercriminals to direct users to malicious sites for phishing or to spread malware.

Trend Micro reported on its blog in February that hackers had used TinyURL - the largest of the services - to direct users via instant messages on Facebook, Google Chat and AOL Instant Messenger to a phishing website.

Related News:

Mac OS X malware game Lose-Lose deletes files - 11.5.2009
A graduate student has written a game for Mac OS X that resembles the classic video game Space Invaders, but Mac users should not download the game if they don't want to have it randomly delete files.

Adobe issues critical security update for Shockwave Player - 11.5.2009
Adobe Systems yesterday released a critical update for all versions of Shockwave Player and recommends that users upgrade to version 11.5.2.602 to protect against cyber attacks exploiting the vulnerability.

Microsoft Security Essentials detects malware that kills Windows XP - 11.5.2009
A new Trojan malware detected by Microsoft Security Essentials as Win32/Daonol steals credential information and redirects web traffic, Microsoft said on its malware protection blog.

FBI warns of malware targeting corporate bank accounts - 11.4.2009
A new report from the FBI cyber crime division said hackers have attempted theft of $100 million from online bank accounts, using sophisticated malware that steals bank account passwords.

Microsoft issues Internet Explorer security update - 11.3.2009
Microsoft on Monday issued a security bulletin that updates a previous patch for Internet Explorer to resolve two issues. The IE bug only affects users who already applied the earlier patch.
