
Malwarebytes Anti-Malware blocking Imgur after site exploited

2015-09-23 by Jason

Malwarebytes Anti-Malware is blocking the image-hosting website Imgur as of this morning. Malwarebytes Anti-Malware has the capability to block malicious websites in the 14-day trial of the free version or with a Premium license.

Upon trying to visit the site or a direct image, Malwarebytes will intercept the traffic and block the outbound connection. My visit was blocked in Chrome.


After the block notice, visitors are directed to block.malwarebytes.org, which shows the logo and a statement that says “Malwarebytes Anti-Malware has blocked a potentially malicious website.”


The Learn More link takes you to a generic page on IP Blocking from the company, whereas I wish it would explain why a site is being blocked. For that information, we can piece together the rest of the puzzle.

Imgur was exploited on September 21st, and the problem was first reported in a thread on Reddit. The site was compromised in such a way that viewing certain images uploaded to Imgur would result in opening hundreds of connections to 4chan and 8chan. As one explanation broke the process down:

Thanks to a security hole in imgur involving MIME magic, the hacker can inject JS. (Basically, thanks to imgur’s code that lets you link to GIFs as PNGs, your browser renders an invisible HTML file containing your image and some invisible JS without telling you)

The JS loads an iframe from 8chan, acting as part of a DDoS. The iframe contains a Flash file. Flash can create and modify local storage for 8Chan, even if you’ve never visited it. It then flags the rest of the malicious file as a “favorite”. (Because the hacker was a chan lurker, the file also contained easter eggs like dancing pokémon and a private key containing the string imsorrybrennan)

The JS then causes your browser to ping 8Chan. 8Chan loads the content of your “favorites” on the page, no sanitization at all.

This lets a div containing a script tag finish executing the JS.

The JS then pings 8ch.pw, the hacker’s domain, (not 8Chan) which can serve it any JS payload it wants.

The JS then lies dormant in your local storage until it receives a go code, or a self destruct code that causes it to be replaced with another payload from 8ch.pw.

Imgur stated in a blog post that the vulnerability was patched that evening and the site is no longer serving affected images. According to the Malwarebytes forums, Malwarebytes is taking a more conservative approach and will not unblock the site until the root cause is addressed.

To be sure that you are secure, you will need to clear your local storage if you have been visiting Imgur.
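The clean-up step above, together with the escaping that the "favorites" rendering lacked, as an added example (not code from this article, Imgur, 8chan or Malwarebytes). `MemoryStorage`, `auditStorage`, `purgeSuspicious`, `escapeHtml`, the marker patterns and the sample entries are all assumptions constructed for illustration.

```javascript
// Constructed stand-in for window.localStorage so the example runs in Node.
class MemoryStorage {
  constructor(init = {}) { this.map = new Map(Object.entries(init)); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  removeItem(k) { this.map.delete(k); }
}

// Heuristic markers (assumption): stored data rarely needs these, injected markup does.
const SUSPICIOUS = [/<\s*script\b/i, /<\s*iframe\b/i, /javascript\s*:/i];

// Return the keys whose stored values look like markup or script.
function auditStorage(storage) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    if (SUSPICIOUS.some((re) => re.test(value))) hits.push(key);
  }
  return hits;
}

// Remove flagged entries. Keys are collected first because removing
// while iterating by index would shift the remaining entries.
function purgeSuspicious(storage) {
  const hits = auditStorage(storage);
  hits.forEach((k) => storage.removeItem(k));
  return hits;
}

// Site-side fix for the unsanitized rendering: escape stored text before
// placing it in HTML, so a stored <script> tag is displayed, not executed.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample entries; example.invalid is a placeholder host.
const sample = new MemoryStorage({
  theme: "dark",
  favorites: '[{"title":"<div><script src=\\"//example.invalid/x.js\\"></script></div>"}]',
  lastVisit: "2015-09-22",
});
```

In a browser console, `auditStorage(window.localStorage)` inspects only the origin of the page you are on, because Web Storage is kept separately for each origin.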
