Bitly is a popular url shortening service that is widely used and according to Alexa one of the top 4000 websites in the world. It can be used by anyone to turn any link into a shorter version that looks similar to this one: http://bit.ly/1dNVPAW
If you have tried to open the main Bitly website recently or clicked on a link that was shortened by others using the service you may have received a notification in your browser that access to the website has been blocked.
Google Chrome notifies you that "the site ahead contains malware" while Firefox that the site is a "reported attack page".
Both Google Chrome and Firefox use Google's Safe Browsing service to determine whether a site is safe to visit or not.
If you check Google's Safe Browsing page for the service, you get the following information:
- The site is listed as suspicious as part of it was listed for suspicious activity in the past 90 day period.
- 669 of the 91854 pages that Google crawled resulted in "malicious software being downloaded and installed without user consent".
- Malicious software included trojans and exploits, with successful infections resulting in an average "of three new processes on the target machine".
It is clear that the service itself is not distributing malicious software directly but that other sites it redirects to are. Since it can be used by anyone to create a new redirection link, it is easy to abuse it for these kind of attacks.
All that is left to be done then is to distribute those links on the Internet to lure users into the trap.
It is possible to visit the site anyway in both browsers. Here is how that is done..
- When you get the "the site head contains malware" warning click on the Details link on that page.
- Here you need to click on "visit this unsafe site" link to visit the site in question.
- Firefox displays a "ignore this warning" link on the warning page which you need to click on.
Bypassing the warning can put your computer at risk. It is highly recommended to have some form of protection in place including up to date antivirus software but also browser specific security extensions such as NoScript to block these kind of attacks from affecting your computer.