Author Topic: Warning to Imgur users  (Read 917 times)

0 Members and 1 Guest are viewing this topic.

Offline georgemilson

  • Neonate
  • *
  • Posts: 5
  • Gender: Male
  • I honk at people.
Warning to Imgur users
« on: September 23, 2015, 02:56:48 pm »
I touched on this in a different thread last night, but it seems that the hackers involved have stepped up their code again.

If you use Imgur, please, stay away from it for a few days and *clear your cache*. It's currently under hacker attack.

They seem to be using code injected from images (.png files specifically) from r/4chan (though the imgur blog post which talks about how the last security hole was cleared is also throwing up alerts from Malwarebytes & Noscript) to create a botnet for the purpose of DDoSing another site. It also injects trojan code which could potentially cause even more problems down the line.

Admittedly, I'm not the most tech-savvy person for explaining this (and Eniliad no longer uses the site X.x), all I know from what I've been told is that the hackers are now injecting JSONB script into images, some of which have reached the front page.

EDIT: from a more tech-savvy person -  "Normally you can only upload pictures to Imgur. This makes Imgur very safe because pictures can't hurt your browser/computer. Someone cleverly figured out a way to upload programming code and make Imgur think it was a picture so when you visit the 'image' it actually runs a program (called a script).

In this case the script is relatively harmless and just loads files from 8chan, the idea being that if enough people load it, 8chan will get overloaded with all the requests.

However, the problem is, someone else could use similar exploits as a hacking tool to use your computer to attack other websites."