Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

A Malicious Del.icio.us?

This entry was posted in Miscellaneous on October 27, 2014 by Mark Maunder   23 Replies

Google blacklisted bit.ly several days ago in a move that caught many publishers off guard. We started seeing spotty reports of del.icio.us being blacklisted over the weekend and it has now gone full-blown with all del.icio.us links apparently being blacklisted by Chrome as hosting malware.

Screen Shot 2014-10-27 at 9.29.09 AM Wordfence is alerting on all del.icio.us links in files, posts and comments because Google has added the site to it’s list of sites hosting malware. Even if you disagree with Google’s assessment of delicious being blacklisted, keep in mind that if the site remains blacklisted, linking to it may harm your search ranking. So consider carefully if you want to ignore the alerts that you’re receiving about this when Wordfence finds a file, post or comment that contains a delicious link.

Delicious has changed hands several times over the years and recently was re-sold earlier this year to Science Inc. They also rebranded several years ago to delicious.com which is not blacklisted, but there are likely a large number of legacy .us links out there. [Edit: Thanks Kelson]

Bit.ly has now been removed from Google’s Safe Browing list which is the list that Google maintains of known malicious websites that engage in malware distribution and phishing. [Edit: Correction, we are still seeing bit.ly links being flagged by Google’s GSB and Chrome] It’s also one of the data sources that Wordfence uses to scan your site’s files, posts and comment for malicious activity and infections.

According to Google’s Safe Browsing page on del.icio.us:

Of the 370 pages we tested on the site over the past 90 days, 69 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-10-26, and the last time suspicious content was found on this site was on 2014-10-26.

Malicious software includes 17 trojan(s), 14 scripting exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine

It goes on to say:

Over the past 90 days, icio.us appeared to function as an intermediary for the infection of 1 site(s) including bit.ly/.

Which suggests that the blacklisting of del.icio.us is related to the bit.ly blacklisting.

Full screenshot:

Screen Shot 2014-10-27 at 9.37.39 AM

 

 

Did you enjoy this post? Share it!


Your rating:

23 Comments on "A Malicious Del.icio.us?"

Kelson October 27, 2014 at 1:09 pm • Reply

Delicious itself moved to the delicious.com domain several years ago, leaving the old one as a redirect, and the .com isn't flagged. So anyone who has old links that they want to keep around can point them to the newer URL and just jettison the old one.

(Also, I find it kind of amusing that I got these alerts on my blog...on posts that didn't actually link to the site, just mentioned it. Though considering WP's auto-embed features, it's probably safer that way.)

mark October 27, 2014 at 1:14 pm • Reply

Thanks Kelson, agreed but I think there are a large number of legacy links out there to the .us that are alerting on this.

Kelson October 27, 2014 at 2:14 pm • Reply

Oh, absolutely. I just wanted to point out the newer domain and updating the links as a possible solution.

Debbie October 27, 2014 at 1:16 pm • Reply

Obfuscation should always raise suspicion in my opinion.
While I understand the convenience of a nice short click-able link that will not break up in a wordwrap it can be hazardous to click on a link that takes you "anywhere" not vetted as safe.

mark October 27, 2014 at 1:22 pm • Reply

I'm also not a huge fan Debbie. I think Twitter was the original motivation behind shorteners but we've sacrificed usability and now the above introduces a new issue with shortening. Reminds me of a few years back when Libya threatened to shut down bit.ly for not complying with Sharia law (it falls under the Libyan top level domain). http://www.theguardian.com/technology/2010/oct/08/bitly-libya

Ron October 27, 2014 at 1:40 pm • Reply

Twitter the original motivation behind shorteners?

Twitter was founded March 21, 2006 while the first patent for a URL shortener was filed in september 2000 and TinyURL was launched in 2002. Twitter could have been the first one automatically translating long URLs through TinyURL.

mark October 27, 2014 at 1:53 pm • Reply

Thanks for the interesting history Ron. I'm not sure I was aware of shorteners before Twitter. I also vaguely remember having a life before social media took over. Anyone else remember those days?

Steve October 27, 2014 at 1:59 pm • Reply

Twitter remains pretty much the only legitimate place where you should find blind (compressed) links, and even there you should only click on links from posters you trust.

I'm always suspicious when I receive an email with compressed links - and all the more so when they assure the reader that they're safe. If they're legit links, and they're just using these links to track clicks, they should know there are other ways to collect these metrics without using blind links.

Sandy Sandmeyer October 27, 2014 at 3:24 pm • Reply

I test all shortened links through LongURL.org to see what they are really pointing to. No sense in be careless.

Dan MAnahan October 27, 2014 at 4:38 pm • Reply

Love longURL.com

Marko October 27, 2014 at 2:13 pm • Reply

I always disliked short urls just because people tend to mask and sometimes offer bizarre, utterly disgusting, websites that one would not normally access if they would see the full URL.
"It's safe" Yeah right!

ray mitchell October 27, 2014 at 3:14 pm • Reply

Marko,

That's just an unfair generalization. To prove it, here is an innocuous little video. http://youtu.be/dQw4w9WgXcQ I promise it's not a RickRoll, heh heh.

Mark Mercer October 27, 2014 at 2:59 pm • Reply

I wonder if Google would have the cojones to ban goo-dot-gl links: their own URL shortener. These services are not "sites" in any meaningful way but merely redirects. Anybody could link a malicious or inappropriate site through googl just as easily as bitly.

I suspect there is a bit more to this than merely blocking malware. It feels deliciously like anti-competitive behavior.

Eric October 27, 2014 at 5:51 pm • Reply

Put your tinfoil hat back on.

Sandy Moore October 27, 2014 at 7:09 pm • Reply

Certainly not a fan of short URL's for security reasons mainly, as you just never know what's behind them. I'm inclined to agree with Mark Mercer... Google does have a tendency to want to be #1... lol.

I always check short links with longurl.org .

Astrid October 27, 2014 at 9:22 pm • Reply

Is this still accurate? I just went to Bitly twiter and here is what they had to say:
We were incorrectly listed in Google Safebrowsing which caused users to receive a malware warning. This issue has been resolved.

The reason I started using short links is because at some point FB dislike long links and so the game was on. Then they changed that to don't leave FB period! I always disliked hidden links as well!

I agree with Mark Mercer there maybe some competition issues. I was under the impression Bitly was hosted overseas?

Astrid October 27, 2014 at 9:23 pm • Reply

Whoops!
Sorry about the typos cell phone!

Konstantin October 28, 2014 at 3:01 am • Reply

Google smoked some crazy shit this weekend. Tjey even blacklisted my blog which neither contains spam, nor has ever been engaged in sending it. I had to contact Google HQ to unlock my site again.

Stuart Davidson October 28, 2014 at 3:32 am • Reply

Just so I'm clear, I should remove any links on my site pointing to delicious right? And any links submitted to delicious wont have any affect on the site they point to?

With regards to bit.ly, is it the same principle? If i have bit.ly links in posts/pages they should be removed?

Thanks for the clarification!

mark October 28, 2014 at 12:28 pm • Reply

It looks like both bitly and delicious's del.icio.us domain have mostly been removed from the blacklist now so I think you can probably just leave any links in place.

France October 29, 2014 at 3:16 am • Reply

Small enough to fit in your pocket, this thing really packs a charge.

You will be provided with a permanent factory unlock for the i - Phone models that are locked within a time of 24 hours only.
Never again have to end a photo expedition because your cellphone went dead.

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.