When URL Shorteners and Ransomware Collide
We are all very familiar with URL shortening services, which are regularly used in Tweets and other social media. It is no secret that cyber criminals also use URL shorteners to achieve their objectives, most often to obfuscate redirects to malicious destinations.
Recently, a URL shortening service was used to shrink a dubious link, obfuscating a malicious destination:
46(dot)30(dot)45(dot)39/Statement.jpg
which was actually a malicious script downloader, “Statement.js”, dropping Cryptowall from
46(dot)30(dot)45(dot)39/yyo.w
Cryptowall is ransomware that encrypts files on your computer and demands that a ransom be paid in order to receive instructions (the private key) for decrypting your files (in this case, RSA-2048 encryption was used).
<…>
There are precautions that can be taken to avoid clicking on a malicious shortened link, such as not clicking on a shortened link if you do not know who it is from. If you want to take additional measures, there are services that unshorten shortened URLs, such as
checkshorturl(dot)com
Furthermore, it is highly recommended that you use anti-virus and anti-malware in conjunction for the best possible protection. Malwarebytes Anti-Malware protects users from this attack, including blocking identified malicious IPs and domains associated with Ransomware.
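The unshortening step described above can also be done locally. The following is an added example, not code from the original article or from Malwarebytes: it follows a short link's redirects using HEAD requests only and flags two traits of the link described here, a destination that is a raw IP address and an image extension served as something other than an image. The Content-Type check is an assumption about how such a file would be served, and the hosts, `SAMPLE` responses and function names are constructed for illustration.

```python
import http.client
import ipaddress
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # assumed cap so a redirect loop cannot run forever
# Constructed sample responses (hypothetical hosts) so the example runs offline.
SAMPLE = {
    "http://short.example/abc": (301, {"location": "http://203.0.113.7/Statement.jpg"}),
    "http://203.0.113.7/Statement.jpg": (200, {"content-type": "application/javascript"}),
}

def head(url):
    """Live fetcher: one HEAD request, so no response body is downloaded."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(parts.netloc, timeout=5)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def unshorten(url, fetch=head):
    """Follow redirects hop by hop; return (chain, warnings)."""
    chain, warnings = [url], []
    for _ in range(MAX_HOPS):
        status, headers = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or "location" not in headers:
            break
        chain.append(urljoin(chain[-1], headers["location"]))
    else:
        warnings.append("redirect limit reached")
        headers = {}  # last response was itself a redirect, not the destination
    final = urlsplit(chain[-1])
    try:
        ipaddress.ip_address(final.hostname or "")
        warnings.append("final host is a raw IP address")
    except ValueError:
        pass  # hostname is a domain name
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    looks_like_image = final.path.lower().endswith((".jpg", ".jpeg", ".png", ".gif"))
    if looks_like_image and ctype and not ctype.startswith("image/"):
        warnings.append("image extension but Content-Type is " + ctype)
    return chain, warnings

if __name__ == "__main__":
    print(unshorten("http://short.example/abc", fetch=SAMPLE.__getitem__))
```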
Source: When URL Shorteners and Ransomware Collide | Malwarebytes Labs