How Hackers Used Imgur To Bring 8chan To Its Knees

One can’t help but notice the irony here.

As one of the most popular image hosting sites on the web, Imgur’s got everything from movie screenshots to unusual thrift store purchases to how-to guides to awesome scenery. There’s plenty of NSFW content there too, of course (no, we aren’t going to link to it). Mostly, though, it’s pictures of cats.

So many pictures of cats.

Turns out, however, that for a short time, there was something else on the platform too: malicious code.

The vulnerability, which Imgur has since patched, wasn’t intended to target visitors to the image platform. Rather, it was aimed at something else entirely: 8chan. The site is best remembered as the digital headquarters for #Gamergate, and its frequent visitors aren’t exactly well-liked by anyone – not even Google.

The exploit was first discovered in this Reddit thread, where it was revealed that it injected JavaScript into the browsers of users visiting the site from r/4chan. That JavaScript evidently opened up over five hundred hotlinked images from 8chan in their browser every time they visited an 8chan page.

8chan wasn’t the only apparent target of the attack, either – other Redditors pointed out that the script sent messages from infected users to an unknown server.

“This isn’t a DDOS,” wrote Reddit user ItsMeCaptainMurphy. “It’s targeting 8chan users and leaving javascript code in their local storage that causes their browsers to ping back to a command and control server each time they hit an 8chan page. Thus far the C&C server hasn’t sent out any commands (or stopped issuing commands before this was discovered). Over the evening whoever authored this has been updating and changing their code. It only affects very specific imgur images/pages. Why is not yet known.”

The implication seems to be that whoever wrote the script was looking to create a botnet for a future DDoS attack – but it’s not entirely clear. Now, there’s a bit of a silver lining amidst the disturbing revelation that Imgur is as vulnerable to malware as any other site:

The attack exclusively targeted 8chan through users who browsed r/4chan. So as long as you’re not a frequent visitor of that subreddit (or an 8chan user), your computer’s probably fine. Good news, right?

If nothing else, the attack reveals a rather distressing truth about the modern Internet. Even sites that one typically wouldn’t expect to contain malware – content aggregators, image hosts, and social networks – can be every bit as effective a delivery mechanism for hackers as any other site. More than anything else, this drives home the need for tools such as script blockers and ad blockers – otherwise, how is one to defend oneself?
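To check a browser for the kind of persistence described above (JavaScript left in a site's local storage that calls out to another server), the following added example, which is not part of the original article or taken from the incident, scans a storage object for script-like values and references to other hosts. The marker patterns, the function names and the sample entries are assumptions constructed for illustration.

```javascript
// Audit a Storage-like object for values that look like executable script
// or that reference hosts other than the page's own.
// Assumption: this marker list is illustrative, not derived from the attack code.
const SCRIPT_MARKERS = [
  /<script\b/i,
  /\bjavascript:/i,
  /\beval\s*\(/,
  /\bnew\s+Function\s*\(/,
  /\bXMLHttpRequest\b/,
  /\bfetch\s*\(/,
  /\bnew\s+Image\s*\(/,
  /\bdocument\.(write|createElement)\b/,
];
const URL_RE = /https?:\/\/[^\s"'<>)\\]+/gi;

// Return the sorted list of hostnames in `value` that are not first-party.
function foreignHosts(value, pageHost) {
  const hosts = new Set();
  for (const raw of value.match(URL_RE) || []) {
    try {
      const host = new URL(raw).hostname.toLowerCase();
      // The page host itself, or a subdomain of it, counts as first-party.
      if (host !== pageHost && !host.endsWith("." + pageHost)) hosts.add(host);
    } catch (_) { /* not a parseable URL; ignore */ }
  }
  return [...hosts].sort();
}

// storage: window.localStorage in a browser, or any object with length/key()/getItem().
function auditStorage(storage, pageHost) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key) ?? "");
    const markers = SCRIPT_MARKERS.filter((re) => re.test(value)).map((re) => re.source);
    const hosts = foreignHosts(value, pageHost.toLowerCase());
    if (markers.length || hosts.length) findings.push({ key, markers, hosts });
  }
  return findings;
}

// Constructed sample entries (hypothetical, not captured from the incident).
function sampleStorage() {
  const entries = [
    ["theme", "dark"],
    ["favorites", '["b","tech"]'],
    ["settings_cache", 'var i=new Image();i.src="http://c2.example.invalid/ping?"+Date.now();'],
  ];
  return { length: entries.length, key: (i) => entries[i][0],
           getItem: (k) => (entries.find((e) => e[0] === k) || [null, null])[1] };
}
```

In a browser console on the site being checked, `auditStorage(localStorage, location.hostname)` runs the same scan against real storage; hits are heuristic and need manual review.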

Matthew Davis is a technical writer and Linux geek for Future Hosting.
