Author Topic: PSA: Imgur has a malicious code injection [ITS FIXED]  (Read 1836 times)

Just a heads up, someone compromised imgur. They are using certain images to inject malicious code in order to use your computer as part of a botnet to DDoS 8Chan.

https://www.reddit.com/r/technology/comments/3lw2g6/imgur_is_being_used_to_create_a_botnet_and_ddos/

Edit: basically stay away from Imgur, and be VERY careful around hotlinked images. Many subreddits have taken to banning the imgur domain in order to prevent people from getting it.



UPDATE

it's patched

http://imgur.com/blog/2015/09/22/imgur-vulnerability-patched/?forcedesktop=1
« Last Edit: September 22, 2015, 12:30:20 PM by ShadowsfeaR »

Is it really possible to inject a botnet on an image like that?

Is it really possible to inject a botnet on an image like that?

I guess so. :s


I mean it sounds more reasonable if like if like connecting to an imgur image also redirected to 8chan in an attempt to get every single person to connect to it at once.

But transfering a botnet through an image sounds really illogical

I mean it sounds more reasonable if like if like connecting to an imgur image also redirected to 8chan in an attempt to get every single person to connect to it at once.

But transfering a botnet through an image sounds really illogical

Why not? The image is mass shared, it injects a botnet into the computer unknowingly and now you have a mass of slave computers to uniformly DDoS the website. It's a lot cleaner and a lot less silly than just a redirect. It's also far less easily found and less easily patched.

Why not? The image is mass shared, it injects a botnet into the computer unknowingly and now you have a mass of slave computers to uniformly DDoS the website. It's a lot cleaner and a lot less silly than just a redirect. It's also far less easily found and less easily patched.
from what i read it just loads a bunch of images from 8chan which puts a ton of load on the site
it's not doing anything to your computer

Okay I looked into it more I understand now

A good idea would maybe add imgur to the adblock/whateverblock filter you have? or something along that line until it's fixed

from what i read it just loads a bunch of images from 8chan which puts a ton of load on the site
it's not doing anything to your computer

Read the first comment in that thread. It is definitely leaving code in your computer.

Disable JavaScript and flash on imgur

Things to know:

#1: The amount of images with an infected payload is very small.
#2: http://www.ghacks.net/2015/02/05/how-to-clear-web-storage-in-your-browser-of-choice/ If you suspect you may be infected, clear your web storage.
#3: To prevent the malicious payload from being downloaded, disable flash and javascript on imgur.
#4: This attack was targeted towards 8chan users. If you somehow become infected and you don't go to 8chan, then supposedly the virus will do nothing.
#5: A short description of the virus: "This flash file injected more javascript into the page (while on the surface looking like an innocuous pikachu animation). This javascript was stored to the user's localstorage (which, since the iframe was pointing at 8chan, allowed the attacker to attach js to 8chan's localstorage). It's functionality is to issue a GET request to 8chan.pw (not an 8chan server AFAIK) and then decrypted the response. So far no one has been able to see a response from that web service, meaning it likely wasn't activated yet or has already been deactivated. The outcome is that every time a user visited an 8chan page, it would "phone home" to check for instructions and then execute more javascript code."

Disable JavaScript and flash on imgur
Disable JavaScript and flash on imgur
this sounds much better actually lol


Read the first comment in that thread. It is definitely leaving code in your computer.
oh i see now
thanks for telling me this

another thing to look out for on 4/8chan is people posting weird URLS that look similar to http a/%%30%30. (space for obvious reasons)
If you are using chrome and you put your mouse over the link, or type it in google or your url bar it'll crash every browser window you have open.