Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Wholesale-Redirects-to-MalwURL redirection services like TinyURL have grown from almost nothing in recent years, due entirely to the success of Twitter and its 140-character limit. For most users, they represent a welcome convenience as they make their tweets, status messages, and other such space-limited posts throughout the day.

    Unfortunately, cybercriminals have used such services as part of various schemes before. Earlier this week, in fact, it’s safe to say the Internet dodged a big bullet.

    The database of Cligs, the #4 URL redirection service used on Twitter, was compromised sometime on Sunday night/Monday morning. According to the official Cligs blog, approximately 2.2 million redirects were edited to go to a post talking about Twitter hash tags at a blog maintained by the Orange County Register. It’s unclear who did it and why, although it might well be a case of it being done because it could be done.

    While the attack caused little long-term damage, it could have been indescribably worse. Had it happen to a bigger redirection service like Bitly or TinyURL, the numbers of affected users would have been far greater. In addition, the links didn’t go anywhere malicious. It would have been just as easy for the links to go to malware – and it wouldn’t have been very hard to do so in a way that would be invisible to most users.

    This could have been a far bigger problem, but thankfully it wasn’t. What it is, however, is a warning about the dangers of URL redirection. There’s not much consumers can do on their own, but providers should double-check their own security measures.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice