This week, Imgur discovered a vulnerability in its system that made it possible for people to inject malicious code into an image link from the site. These links were then used to leverage genuine users' browsers to launch a DDoS attack against the sites 4chan and 8chan.
Imgur came across the vulnerability yesterday and patched it pretty quickly. The link was being spread through a specific Reddit board, though it wasn't named: “Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur. From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.”
Ashley Stephenson, CEO at Corero Network Security, offered some further insight in a comment: “When a genuine Imgur user is tricked into loading a malicious image by social engineering, the malicious image covertly launches a parasitic DDoS attack leveraging the genuine user’s browser, causing an extra 500 images to be requested from a victim site, effectively blasting the target with 100s of image requests (in this case the victim was gaming site 4-chan). This parasitic DDoS tool could be aimed at any victim on the Internet.”
The bug itself has been patched by now, though Imgur still says that users may want to clear their browser cookies as an extra precaution.
KitGuru Says: There are groups out there that are constantly trying to come up with ways to mess with sites like 4chan or 8chan over one thing or another. Imgur seems to have caught on pretty quickly this time though.