Imgur Abused in DDoS Attack Against 4Chan!

Imgur Abused in DDoS Attack Against 4Chan!

So a few of you might have noticed that we started blocking “Imgur.com” which is a popular image sharing website.

The reason we did this is because of a vulnerability within their code that allowed cyber criminals to load malicious javascript code into the browsers of site users.  This in turn was used to turn each system into a DDoS weapon (Distributed Denial of Service).

The targets of these DDoS attacks were 4chan & 8chan, which are bulletin board style image posting sites.

The identity of the attackers or their motivation is unknown at this time, however it’s likely a group of angry sub-internet dwellers utilizing a flaw in the code of imgur rather than employing the use of a botnet (which is the traditional approach) or an army of equally angry users.

Imgur has since released a statement letting folks know that the bug in the code has been patched and that current visitors should be fine.

However, they also recommend that folks clear the cache of their browsers in case the malicious javascript is still loaded and active in the background.  There are numerous potential threats associated with allowing this code to run on your system, as described by Lyra883 in a Reddit Post the code can:

  • Transmit your passwords to attackers
  • Become a piece of a giant DDoS
  • Constantly load ads that pay attackers
  • Request edgelord-tier child pornography from a honeypot without your knowledge

Click Here for instructions how to clear your browsing cache and remove the threat.

Click Here if you are comfortable returning to your imgur use but don’t want to disable your Malwarebytes Web Protection.

The below is also a good tip for whitelisting all of the imgur subdomains:

whitelist

Keep in mind that by whitelisting a blocked website, you are doing so at your own risk as Malwarebytes Researchers don’t trust it.

We are working to identify if imgur is once again safe for all users and as soon as we feel confident in that fact we will unblock their site.  Please stay tuned for any updates and safe surfing!

 

UPDATE: 

After talking with the staff of Imgur about what they did to fix the problems and prevent them from happening again in the future, we have removed our block and there should be no further issues. Make sure you update to the latest database version to remove the block.

UPDATE 2:

From Imgur:

 In short, someone managed to upload an HTML file with malicious JavaScript inside of it that targeted 8chan. The vulnerability is completely patched and it’s no longer possible to upload files of that type. Not only was this specific thing patched, but we prevented our i.imgur.com servers from serving anything other than image files. This means that we’ve stopped the possibility to serve any other JavaScript files like this. No user data such as passwords and e-mails was leaked.

Nice work to Imgur for their quick response and movement on fixing this issues to make sure their users are safe and secure!

Thanks everyone for following along and as always, safe surfing!

 

ABOUT THE AUTHOR

Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.