Hacktivists using Shortened Links to Hide Malware Servers

Several times I have received direct tweets or replies on Twitter with a message like “Check this out!”, “This is along the same lines”, or “If you think that is bad, check this out”. The profile picture of the sender is usually a professional looking businessman or a pretty lady. And the included link is a shortened URL.

Why some people are just so friendly right?

But running the shortened URLs through a link unshrinker told a different story. One of the first evil links that I found was four lines long when unshrunk and included an IP address of a known Russian Business Network (RBN) host. But the way they formatted the link, the actual website called was at the end of the link and pointed to a server in the US.

I have seen the same tactic used on a forum discussing the 9/11 Anti-American protests that are going on now in many Islamic countries. A comment posted, by a very pretty lady (of course), had an anti-Islamic message and a shortened link. The link unshortened was a very long masked URL.

Recently, the Telegraph posted an article on the Taliban using pretty girl profiles on Facebook to try to befriend and get information from allied troops:

“Most did not recognise that people using fake profiles, perhaps masquerading as school friends, could capture information and movements. Few consider the possibilities of data mining and how patterns of behaviour can be identified over time.”

Unfortunately, with sites like twitter, once you click on the link, you are instantly taken to the site without being able to preview it. And with the nasty zero-day exploits that are out there (IE and Java 7) just visiting a site and allowing a script to run could allow full remote control of your computer to a remote hacker.

As the Anti-American protests continue, expect these tactics to increase. Be careful what you click on and who you befriend on Social Media sites. And always run a script blocking program like “NoScript“.

About these ads

~ by D. Dieterle on September 21, 2012.

5 Responses to “Hacktivists using Shortened Links to Hide Malware Servers”

  1. Reblogged this on lava kafle kathmandu nepal.

  2. good, very useful

  3. [...] Several times I have received direct tweets or replies on Twitter with a message like “Check this out!”, “This is along the same lines”, or “If you think that is bad, …  [...]

  4. [...] Several times I have received direct tweets or replies on Twitter with a message like “Check this out!”, “This is along the same lines”, or “If you think that is bad, …  [...]

  5. [...] on cyberarms.wordpress.com Share this:TwitterFacebookLike this:LikeBe the first to like this. October 16, 2012 by stenevang [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 286 other followers

%d bloggers like this: