Online discussion and recommendation site Reddit today has been under attack, with random comments appearing to exploit users browsers.
Though at this stage nothing appears to happen to the users' computer, Mashable
reports that random comments are then posted under infected accounts:
We’re not aware of anything being downloaded to your machine at this point: only a XSS attack that posts the troublesome comments in your name
The attack appears to be spawning from a Javascript loophole in Reddits commenting system, as the attacker appears to be posting the rogue script in comments across the site.
It appears that to become infected, if you so much as hover over a comment with an orange envelope your account will begin the random posting of comments.
The site is back up again now, and appears the problem has been fixed. If you are still worried about visiting the site, it's recommended you turn off javascript in your browser to be safe.
Email this
Share on Facebook
30,000 drones in American skies, civil liberties in jeopardy
Listen
Print
Social Comments ()
Digital Journal Comments
