A Reddit user has uncovered a covert method of carrying DDoS attacks on 4chan’s infrastructure using images hosted on Imgur, via Reddit.
According to Reddit user rt4nyp, who discovered the vulnerability, every time an Imgur image was loaded on the /r/4chan sub-reddit, over 500 other images were also loaded in the background, images hosted on 4chan’s CDN.
Since traffic on 4chan is quite huge as is, getting some extra connections from Reddit pushed 4chan’s servers over the edge, crashing them several times during the day. Additionally, 8chan, a smaller 4chan spin-off, was also affected and suffered some downtime as well.
Malicious code was being loaded with Imgur images
When refreshing the original image that loaded the “axni” variable, the malicious code would not be loaded again, a measure taken to avoid detection.
Additionally, also to avoid detection, the JS file stored on “4cdns.org/pm.js” could not be loaded directly in the browser.
Loading 500+ 4chan images inside a hidden iframe
Analyzing the pm.js file, rt4ny found that it loaded an iframe outside the user’s view with the help of some clever CSS off-screen positioning tricks, inside which the hundreds of 4chan images were being loaded, along with a 142 KB SWF file.
Imgur was contacted about this issue, and fixed it on the same day.
“Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur,” said the Imgur team. “From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.”
It’s a sad day for humanity when we see hackers combine the three best sites on the Internet to find cat GIFs into such wicked and immoral ways.