• Technus
    link
    fedilink
    English
    arrow-up
    31
    ·
    6 months ago

    […] code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites.

    I wonder if the intent was to actually send users to these sites, or to generate bogus clicks on ad links.

    Seems like a lot of effort to go through just to drive a little extra traffic to some random porn sites.

      • Technus
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        Maybe to see how quickly it was noticed? Yeah, possibly

      • Wispy2891@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        A very expensive test run

        Imagine the face of the state sponsored attacker that ordered to spend hundreds of thousands of dollars for this supply chain attack to happen and then it’s all wasted to send a few visitors to a porn site

  • conciselyverbose@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    16
    ·
    6 months ago

    Cloudflare’s (pretty good IMO) response was pretty indicative of how bad this was. It sounded a lot to me (without that low level of familiarity of exactly everything they offer) like they specifically built some new tooling just to handle this issue at scale. They definitely said that changing links on pages (without an opt in for free users, who generally are less advanced/serious) is not something that they want to do, which is good, but I do think this specific scenario justified defaulting to enabled for customers who aren’t paying for the service.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    6 months ago

    This is the best summary I could come up with:


    ]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren’t natively supported.

    On June 25, researchers from security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites.

    Even then, content delivery networks such as Cloudflare began automatically replacing pollyfill links with domains leading to safe mirror sites.

    The findings underscore the power of supply-chain attacks, which can spread malware to thousands or millions of people simply by infecting a common source they all rely on.

    “Since the domain was suspended, the supply-chain attack has been halted,” Aidan Holland, a member of the Censys Research Team, wrote in an email.

    What’s more, the Internet scan performed by Censys found more than 1.6 million sites linking to one or more domains that were registered by the same entity that owns polyfill[.]io.


    The original article contains 645 words, the summary contains 148 words. Saved 77%. I’m a bot and I’m open source!