URL Condensing Service ‘Cligs’ Hacked, Diverting Web-traffic to Wrong Place

'Cligs', a service that shortens URL (more specifically - a utility that condenses lengthy Web addresses on Twitter and other micro-blogging websites) was hacked during the 2nd week of June 2009. It was found of redirecting traffic towards an undesirable goal, according to the security company 'Sophos'.

The new Cligs compromise modified around 2.2 Million Cligs URLs and diverted queries regarding a Twitter hashtags story that Kevin Sablan, a blogger of Orange County Register built, as reported by ChannelWeb on June 16, 2009.

Graham Cluley, Senior Technology Consultant, SophosLabs, said that when his organization first realized that there was some tampering going on with Cligs, they thought that the URLs were being connected to a spammers' site, as reported by ChannelWeb on June 16, 2009.

Cluley further said that there was a possibility of the site being infected with malware with attack codes waiting to turn active, as reported by ITWeb on June 16, 2009.

The security researchers at Sophos stated that it seemed the attack emanated from Canada. Furthermore, even when the attack caused inconvenience along with a loss of several thousand URLs, the researchers commented that it could have resulted in more dangerous consequences. While the intention of the hackers was not still clear, the criminals could have diverted massive condensed URLs towards a malware infested site, added the researchers.

Sablan, who understandably is not associated with the hack, stated that he realized the diversions when he found a huge volume of Web traffic for his Twitter story flowing in from most unexpected sources, a development he noticed on June 16 2009.

However, Cligs through a post on its company blog reassured users that the hack could not compromise any password, as all user passwords were properly saved after getting them encrypted; thus, making them invulnerable to the attack.

Beside, Cligs had duly repaired the security flaw with a patch and was presently transferring its entire URL data to a fresh database and also correcting the tampered URLs, Cligs officials stated.

Related article: URL Distributing Gumblar is No.1 Malware Site Says Google

» SPAMfighter News - 6/23/2009