Friday 7 June 2013

CyberCriminals leverage CNN Open Redirect vulnerability for spreading spam

Yesterday, @BreakTheSec came across a diet spam campaign that leverages an open redirect vulnerability on the website of CNN, one of the top news organizations.

"The diet porgram you told us about yesterday is soo good! hxxx://cgi.cnn.com/cgi-bin/redir?URL=hxxx://tumblrhealth.me", reads one of the tweets posted from the spammers' Twitter account.

The tweet shows that cybercriminals managed to leverage the open redirect security flaw on the CNN website to redirect Twitter users to diet spam websites.


"I love myself even more after I started your diet porgram [link]" spam tweets read.  "Yahoo made an article about how amazing your new diet program is!! You look amazing" 

The technique provides several advantages to the cybercriminals, including:
  • Gaining the trust of users.
  • URL filtering won't block users from accessing the URL, because the request goes to CNN. The CNN website then redirects the user to the scam website.

After further research, I identified that the spammers have also managed to exploit the open redirection security flaw in Yahoo.

"hxxx://us.ard.yahoo.com/SIG=15ohh3h62/M=722732.13975606.14062129.13194555/D=regst/S=150002347:R2/Y=YAHOO/EXP=1275539597/L=hnNys0Kjqbp5Cok8Sr10cAJDTPYa3UwHFG0AANhn/B=VSDoPmKJiUs-/J=1275532397077354/K=rS6pwy3MN2NPP7SBqBCOAQ/A=6097785/R=0/SIG=11o4aqdmv/*hxxx://bit.ly/HealthDiet2"

This is not the first time the CNN website has been abused by cybercriminals. In 2010, spammers managed to exploit an open-redirect vulnerability in "ads.cnn.com".
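
The filtering gap described above closes when a filter judges the destination carried inside the link rather than only the first hop. The following is an added example, not code from the original post: it unwraps the two link forms quoted here (the CNN "redir?URL=" query value and the Yahoo "/*" path suffix). The function names and the blocklist entry are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The two links quoted in the post (defanged as hxxx://).
CNN_LINK = "hxxx://cgi.cnn.com/cgi-bin/redir?URL=hxxx://tumblrhealth.me"
YAHOO_LINK = ("hxxx://us.ard.yahoo.com/SIG=15ohh3h62/M=722732.13975606.14062129.13194555"
              "/D=regst/S=150002347:R2/Y=YAHOO/EXP=1275539597"
              "/L=hnNys0Kjqbp5Cok8Sr10cAJDTPYa3UwHFG0AANhn/B=VSDoPmKJiUs-"
              "/J=1275532397077354/K=rS6pwy3MN2NPP7SBqBCOAQ/A=6097785/R=0"
              "/SIG=11o4aqdmv/*hxxx://bit.ly/HealthDiet2")
BLOCKLIST = {"tumblrhealth.me"}  # constructed sample entry (assumption)

def refang(url):
    """Undo the hxxx:// or hxxp:// defanging used when quoting spam links."""
    return re.sub(r"hxx[px](s?)://", r"http\1://", url, flags=re.I)

def _is_abs_http(value):
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def embedded_targets(url):
    """Absolute URLs carried inside url, in the two forms quoted in the post."""
    parts = urlsplit(refang(url))
    # Form 1 (CNN link): destination passed as a query value, redir?URL=<dest>.
    targets = [v for _name, v in parse_qsl(parts.query) if _is_abs_http(v)]
    # Form 2 (Yahoo link): destination appended to the path after "*".
    _head, star, tail = parts.path.partition("*")
    if star and _is_abs_http(tail):
        targets.append(tail)
    return targets

def hosts_to_check(url, max_depth=5):
    """First-hop host plus every host named by nested redirect targets."""
    hosts, queue = [], [(refang(url), 0)]
    while queue:
        current, depth = queue.pop(0)
        host = (urlsplit(current).hostname or "").lower()
        if host and host not in hosts:
            hosts.append(host)
        if depth < max_depth:
            queue.extend((t, depth + 1) for t in embedded_targets(current))
    return hosts

def filter_verdict(url, blocklist=BLOCKLIST):
    """Block when any hop is listed, so a trusted first hop cannot hide the target."""
    return "block" if any(h in blocklist for h in hosts_to_check(url)) else "allow"

if __name__ == "__main__":
    for link in (CNN_LINK, YAHOO_LINK):
        print(hosts_to_check(link), filter_verdict(link))
```

The Yahoo link unwraps to a bit.ly short link, so that hop still has to be resolved by other means before the final site can be judged.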

*Update: security researcher Janne Ahlberg discovered that @50Cent, who has 7.6M followers, fell victim to this spam campaign and retweeted the spam tweet.
