URL Shorteners Have been Exploited Malware Writers

URL shorteners (such as bit.ly) have escalated in popularity thanks to services like Twitter where every character counts. However they come at a security cost.
Spammers have been using them to for some time, and anyone who frequents twitter will have seen the pornography industry using them. However Symantec’s Nick Johnston reports on a worrying trend, using them to hide malware using so-called drive-by attacks. He reports on one exploit.
The attack abused at least five different URL shortening sites. The message claimed to be from an inter-bank funds transfer service, claiming that a funds transfer had been cancelled. To find out why the transfer was cancelled, recipients were encouraged to click on a link supposedly pointing to a PDF file, but actually pointing to a shortened URL. This shortened URL then redirects to a site with several drive-by exploits.
A drive-by attack is one that exploits security flaws in browsers and causes them to download and execute malicious code simply by visiting a page. They do not require a user to click on anything or download files. In the example cited, the page exploited holes in PDF documents, Java and a Windows Help Center exploit. Expect more of this, warns Symantec.
We saw hundreds of unique shortened URLs being used to link to this malware, and expect to see malware authors using this technique in future.
There are browser plug-ins for Firefox and Chrome that will expand shortened URLs so you can see the destination site before clicking on the link. It is expected that

To See the Symantec Report Click HERE


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH



Post a Comment

Related Posts Plugin for WordPress, Blogger...