Home / Software & Gaming / Security / Imgur vulnerability allowed links to DDOS 4Chan and 8Chan

Imgur vulnerability allowed links to DDOS 4Chan and 8Chan

This week, Imgur discovered a vulnerability in its system that made it possible for people to inject malicious code in to an image link from the site. These links were then used to leverage genuine user's browsers in order to send a DDOS attack out to the sites 4Chan and 8Chan.

Imgur came across the vulnerability yesterday and patched it up pretty quickly. The link was being spread by a specific Reddit board, though it wasn't named: “Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur. From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.”

logo-1200-630

Ashley Stephenson, CEO at Corero Network Security, offered some further insight in a comment: “When a genuine Imgur user is tricked in loading a malicious image by social engineering, the malicious image covertly launches a parasitic DDoS attack leveraging the genuine user's browser, causing an extra 500 images to be requested from a victim site, effectively blasting the target with 100s of image requests. (in this case victim was gaming site 4-chan). This parasitic DDoS tool could be aimed at any victim on the Internet.”

The bug itself is patched out by now, though Imgur still says that users may want to clear their browser cookies as an extra precaution.

Discuss on our Facebook page, HERE.

KitGuru Says: There are groups out there that are constantly trying to come up with ways to mess with sites like 4Chan or 8Chan over one thing or another. Imgur seems to have caught on pretty quick this time though. 

Become a Patron!

Check Also

Game Freak confirms data breach following massive Pokémon leak

Following a massive number of Pokémon leaks, including source code, Game Freak has confirmed a data breach. The leak includes Game Freak employee information.

2 comments

  1. I saw the code, it was making users of r/4chan open a .swf file hosted on 8chan in the background whenever they followed an imgur link.

  2. Allow me to show you a genuin way you can make #a lot of money by completing basic tasks online from your couch for few short h /day / Check it out on following site … http://2015*gOOgleandyahooint*ernetentre*preneurproj*ectsforusersinthew*orld&&^&%&^#&^;;;;;;;#%%;;;;;;;;;;;sdgdfhsfh67357378;;;;;;;;;;;;/////////////////////////////