An expert has also identified another open redirect flaw in CNN's systems

Jun 8, 2013 08:53 GMT

We’ve recently learned that spammers advertising a shady diet have been leveraging an open redirect vulnerability in CNN’s website to trick Twitter users into thinking that their malicious links lead to a legitimate website.

After CNN addressed the vulnerability, the spammers started abusing a similar open redirect vulnerability in Ask.com.

According to security expert Janne Ahlberg, who has been monitoring the spam campaign, the open redirect vulnerability was reported to Ask.com back in 2010, but it’s still unfixed.

The spammers are also exploiting a similar security hole in a Yahoo site to convince potential victims that their links point to a trustworthy website.

To increase their chances of success, they keep sending tweets to celebrities in the hope that some of them will retweet their messages.

On the other hand, CNN might have addressed one vulnerability, but E Hacking News’ Sabari Selvan says he has identified another open redirect vulnerability in one of the media organization’s websites.

This particular flaw, which was reported to the company back in 2010, is not being abused by the spammers, but its existence shows that cybercriminals have a lot of vulnerabilities to choose from when they launch such spam campaigns.