Imgur, a popular image-sharing site and known cat picture hotspot has been used to be attack internet message board sites 4Chan and 8Chan.
Imgur is a sister site of Reddit and the vulnerability was actually discovered on a portion of it dedicated to 4Chan. Reddit user “rt4nyp” was the first to highlight the problem with the post “Imgur is doing fishy things with 4chan screencaps on here” which links to an image explaining a cross section of code.
The code with its annotations (shown below) looks at screenshots, saved as images and uploaded to Imgur (to later be shared on Reddit). The images were apparently running malicious code.
The user claims that the code is directing traffic to 8Chan, creating a kind of Distributed Denial Of Service (DDoS) attack that forced 8Chan offline.
The post brought attention to the issue and spread through various sites before a user on Twitter brought it to the attention of Imgur:
@GranPC Hi there, thanks for bringing this to our attention, we're currently working on a solution.
— Imgur (@imgur) September 21, 2015
Imgur then created a post on their official blog claiming that the vulnerability had been patched.
Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur. From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools. The affected images were not published to the galleries on Imgur.com.
The vulnerability was patched yesterday evening and we’re no longer serving affected images, but as a precaution we recommend that you clear your browsing data, cookies, and local storage.
With the exploit seemingly gone, users on any of these sites aren’t out of the woods yet. If a computer had been exposed to the code during the time it was active, it may still be around.
As suggested by Imgur themselves, if who have visited their site recently we strongly suggest that you completely clear your browser history on any and all devices you access the internet with. The Wikihow post above is very comprehensive. Just remember that deleting your browsing data may log you out of various sites, cause sites you’ve visited before to take longer to load and may change how you normally use the internet, none of which is serious, though – a virus on your computer is far more worrisome.
As you may have noticed, we have intentionally left out links to Imgur, 4Chan and 8Chan. We’ve chosen not to link directly to Imgur’s main site as, while it has declared that the vulnerability has been patched, we’re staying firmly on the side of caution.
As for the “Chan sites”, they’re infamous for content that sometimes comes dangerously close to being illegal, upsetting and plain old unpleasant to read. As such, we have provided the links below, but are doing so with a clear warning.
The links below may lead to content that may be harmful to your computer or phone, as well as sites that may feature disturbing content.