Visitors are redirected to fake Women's Health website

Jun 18, 2014 15:43 GMT

Some of the blogs on Tumblr seem to have been compromised and contain a redirect script that takes visitors to a spam site showing a miracle diet pill.

The discovery was made by Satnam Narang, a Symantec employee, after he noticed that a large number of Pinterest accounts had also been compromised over the weekend.

What the two websites have in common is that both lead to a fake version of the Women’s Health website.

In the case of Tumblr, the redirect was carried out by a script called “tumblr-redirect.js,” hosted on the file-sharing service Dropbox. When visitors landed on an affected blog, they were automatically taken to an address impersonating the real Women’s Health website.

Catching on to the trick is quite simple if the root domain is checked, because it does not match that of the real site, womenshealthmag.com. However, the crooks took the precaution of adding a “womenshealth” subdomain to divert the victim’s attention.
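The root-domain check described above can be automated when triaging links. The following is an added example, not code from Symantec or the campaign; the test hostnames are constructed, and the short suffix set is an assumption standing in for the full Public Suffix List.

```javascript
// Added example: hostnames passed to these functions in testing are constructed.
const LEGIT_DOMAIN = "womenshealthmag.com"; // the real site named in the article
const BRAND_TOKEN = "womenshealth";         // label the spammers placed in the subdomain

// Assumption: tiny stand-in for the Public Suffix List; use the full list in production.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Return the registrable ("root") domain, e.g. a.b.example.com -> example.com.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length <= 2) return labels.join(".");
  const lastTwo = labels.slice(-2).join(".");
  const take = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-take).join(".");
}

// Classify a link as "legitimate", "impersonation" (brand label sitting in
// front of a foreign root domain), "unrelated", or "invalid" (unparseable).
function classifyLink(link) {
  let host;
  try {
    host = new URL(link).hostname;
  } catch {
    return "invalid";
  }
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  const root = registrableDomain(host);
  if (root === LEGIT_DOMAIN) return "legitimate";

  // Everything left of the root domain is attacker-chosen subdomain text.
  const subLabels = host
    .slice(0, host.length - root.length)
    .split(".")
    .filter(Boolean);
  const brandInSub = subLabels.some((label) => label.includes(BRAND_TOKEN));
  return brandInSub ? "impersonation" : "unrelated";
}
```

The check only covers the subdomain trick the article describes; a brand name embedded in the registrable domain itself would need a separate similarity check.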

Moreover, the spammers went to great lengths to make the fake website look like the real one and plastered it with articles about the diet pills that can achieve weight-loss miracles.

With Tumblr, it seems that spammers concentrated on blogs that had not been touched for a while, as Narang says that “they all had not been updated for months or in some cases, years.” Many of them had served a legitimate purpose but had been abandoned at some point.

In the case of Pinterest, the spam campaign proved to be more aggressive because many of the compromised accounts were linked to Twitter accounts and automatically shared the Pins on the micro-blogging platform.

Narang observes that these two incidents may have been connected to a previous one that occurred in April this year and leveraged hacked Twitter accounts in order to promote the spam content.

Compromised accounts were not limited to regular users and included those of public figures (athletes, models, politicians, television producers, bloggers, comedians) that had the authenticity verification checkmark.

The same Women’s Health website was used to lend credibility to the pills. In both incidents, the messages “I couldn’t believe it when I lost 6 lbs!” and “I was skeptical, but I really lost weight!” were used, followed by a URL shortened through the Bit.ly service.

Users are advised to set strong passwords for their accounts and, where possible, enable two-factor authentication. Pinterest users should also revoke and then re-authorize the Pinterest web app’s access to Twitter.