A Malicious Del.icio.us?
This entry was posted in Miscellaneous on October 27, 2014 by Mark Maunder 23 Replies
Google blacklisted bit.ly several days ago in a move that caught many publishers off guard. We started seeing spotty reports of del.icio.us being blacklisted over the weekend and it has now gone full-blown with all del.icio.us links apparently being blacklisted by Chrome as hosting malware.
Wordfence is alerting on all del.icio.us links in files, posts and comments because Google has added the site to it’s list of sites hosting malware. Even if you disagree with Google’s assessment of delicious being blacklisted, keep in mind that if the site remains blacklisted, linking to it may harm your search ranking. So consider carefully if you want to ignore the alerts that you’re receiving about this when Wordfence finds a file, post or comment that contains a delicious link.
Delicious has changed hands several times over the years and recently was re-sold earlier this year to Science Inc. They also rebranded several years ago to delicious.com which is not blacklisted, but there are likely a large number of legacy .us links out there. [Edit: Thanks Kelson]
Bit.ly has now been removed from Google’s Safe Browing list which is the list that Google maintains of known malicious websites that engage in malware distribution and phishing. [Edit: Correction, we are still seeing bit.ly links being flagged by Google’s GSB and Chrome] It’s also one of the data sources that Wordfence uses to scan your site’s files, posts and comment for malicious activity and infections.
According to Google’s Safe Browsing page on del.icio.us:
Of the 370 pages we tested on the site over the past 90 days, 69 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-10-26, and the last time suspicious content was found on this site was on 2014-10-26.
Malicious software includes 17 trojan(s), 14 scripting exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine
It goes on to say:
Over the past 90 days, icio.us appeared to function as an intermediary for the infection of 1 site(s) including bit.ly/.
Which suggests that the blacklisting of del.icio.us is related to the bit.ly blacklisting.