Imagine you got a tweet from www.newscientist.com that says: “Folded DNA becomes Trojan horse to attack cancer: Hiding a powerful cancer drug inside a complex DNA st…” of course you are interested, so you click on the Bitly tag: bit.ly/S59ztD with which the tweet came, and your are presented with this on a freshly installed Windows 8 Tablet:
Popping up a Topmost Dialog box on which the text “Message from webpage” was superimposed has given you away. If it’s the OS antivirus message, it will not have “Message from Webpage” on it. So you showed me a dialog box on which I can only click “OK”. Then I clicked the OK button, and then you showed me an XP UI on my splinter new Windows 8 RTM install. You insult me Mr. Hacker. You need to go back to school and learn how to hack properly. You could have parse my OS string and discover I am running splinter new Windows 8 and just shut the F@#$ck up if you don’t have Win8 Flash video to show me, or have the audacity to present me with Windows 8 flash video.
So I clicked on the OK button and you show me in a Web page an XP screen being scanned. In a fu@#$king web-page?! So you are telling me my desktop is running in a web-page, what an idiot. All I have to do to burst your bubble is to right-click on the screen and I am greeted with the usual Flash video property dialog. Its beats me that people are falling for these amateurs. Clicking anywhere on your stupid flash video, you wanted to download an Exe file unto my system, which is promptly flashed as a trojan by Win8 Windows Defender. Even if I wanted, I could not download the file for the live of me for onward transmission to Microsoft Security center for analysis.
I have reported your stupid site to Microsoft’s SmartScreen blacklist site. You’ve been promptly removed from the internet. Go ahead, open another site you worm, it’s a matter of time before you are caught again. People like you are a shame to the geek community, can’t you find a decent job instead of ripping innocent people off. No wonder you go hungry, if you code like what I have just seen, you’ll be collecting unemployment benefit for a long time. If only I have time to come after you and show the world who you are, you two-faced worm.
Which brings me back to NewScientists.com. Be notified NewScientist your site has been hacked. I have been getting some Arabic country travel popup Ads each time I visit your site these past weeks. Obviously you’ve been had, only you didn’t know it. Hopefully with this warning, someone will wake up to cleanup your site. Else we’ll be forced to blacklist you too.
Ok I have an update on this story, it seems its not New Scientist that was hacked but Bitly itself. Clicking on bitly links in tweets is supposed to take you to the shortened site, but it takes you to these hijacked ADs or Virus vendor site. The portal overlays your destination with the hijacked site, sometime it shows you this stupid Travel Ad, or like yesterday, takes you to a virus site.
In this case, the bitly link I clicked in a tweet was bit.ly/RtY6WO which led to this hijacker site: http://da.feedsportal.com/c/33999/f/616880/s/228717b7/l/0L0Swpcentral0N0Cbbc0Eresponds0Edetail0Ewhy0Ethere0Eno0Eiplayer0Ewindows0Ephone/ia1.htm This is definitely a bad sign for Bitly, if hijacker are able to insert code into Bitly strings. The WPCentral tweet that started this can be found here: https://twitter.com/wpcentral/status/237281540864876544, funniest thing is that the hijack is not permanent ‘cause a few minutes later clicking of the bitly link just take you to the correct site. I have also found that clicking on the bitly link doesn’t go directly to bitly, but going through twitters url shortner site: http://t.co/AwByN6Ds. This is so convoluted, question is where is the hijack code inserted, in Bilty, or in twitter’s t.co service. Hopefully I am not the only one noticing this. I am reportiing the Feedportal site to all security sites for blocking. Little step at a time against the scum of the net. Let me know what you think.