URL shorting has always been a convenient vector for obfuscating a malicious URL. They've been used in phishing URL's for nearly a decade now, and in drive-by-download's for almost as long. Now it seems that another flaw in shorten URL services have been exploited by the bad guys - exploiting the hosting provider and getting ALL shortened URL's to point to a malicious drive-by-download URL.That's what happened to Cligs Sunday/Monday this week.
Apparently, according to their blog, some 2.2 million shortened URL's were affected - redirecting victims to malicious content over at freedomblogging.com. Not pretty - but hardly unexpected.
From their blog...
"... I’m restoring the URLs back to their original destination states. However, the most recent backup is from early May, and so we may have lost all URLs created since then. My daily backups with my host were turned off for some reason, which is another story.I suspect that this won't be the last time a shortened URL service provider will be compromised. Theres good money to be made by the bad guys if they exploit these kinds of services - so there's motivation and skills in abundence to do so. Frankly, the providers of shortened URL services aren't known for their security ambitions.The restoration will take a long time - it’s millions of URLs that have to be individually restored - and so you may not see your proper links till tomorrow."
