YTS Bypasses Security Warnings with Simple URL Update

[Matrix]

 

A few days ago, popular torrent site YTS was flagged as a potential phishing site by Chrome and Firefox. Today, these warnings have disappeared but not because the problems were resolved. YTS simply switched to a new URL structure, ditching the problematic /movie/ subcategory.

 

 

The Internet is full of threats. To help people steer clear from trouble, Google launched its Safe Browsing tool in 2012.

 

This service marks problematic websites when there are potential malware and phishing problems. This information can then be used by third-parties to take action.

 

In the past, several popular pirate sites have been flagged. These issues are usually caused by malicious advertisers. The operators of the sites get a heads up form Google, and after the problem is addressed, the flag is removed.

YTS Pages Were Blocked by Chome and Firefox

Last weekend, YTS had first-hand experience of this process. The torrent site, which serves millions of people per day, was branded a ‘phishing’ threat by Google.

 

As a result, Chrome and Firefox blocked users from directly accessing some pages on the site. While the homepage showed no issues, the movie detail pages returned a full-screen red warning, cautioning people to stay away.

 

 

Needless to say, these types of warnings will have a negative impact on the site’s traffic, whether they are warranted or not. In other words, fixing the issue should be a high priority for the site’s operator.

 

And indeed, when we visited YTS today everything had returned to normal. Or so it seemed. The movie detail pages no longer threw up any warnings and downloading .torrent files worked just fine.

Simple Trick Makes Security Warnings Disappear

While this might appear to be a matter of ‘case solved’, taking a closer look at the site reveals a tiny but important change. The movie detail pages are no longer linked from a /movie/ subdirectory, but from /movies/, as shown below.

 

 

Adding an ‘s’ to the URL appears to be insignificant but, in this case, it’s not. Apparently, this extra letter is the reason why users no longer see any warnings. The old URLs, without the ‘s’ remain blocked.

 

It seems odd that a site can bypass Google’s elaborate Safe Browsing tool by simply updating a URL, but it works. A quick check in the Safe Browsing tool confirms that the new link to YTS.mx/movies is clean, while the old YTS.mx/movie link is still ‘unsafe.’

 

Whether YTS also tackled the underlying problem is unknown. However, we assume that the new links will eventually be flagged too if the issue persists.

Enhanced Safe Browsing?

The bypass trick comes just a few days after Google announced that it had started rolling out an ‘enhanced Safe Browsing’ for Chrome users. This has nothing to do with the YTS issues, but Google’s intro is worth noting.

 

“Over the past few years we’ve seen threats on the web becoming increasingly sophisticated. Phishing sites rotate domains very quickly to avoid being blocked,” Google wrote.

 

We wouldn’t classify the addition of extra letter in the URL as ‘sophisticated,’ but it certainly helped to get rid of the security warning.

 

Source

[zanderthunder]

5 hours ago, Mach1 said:

However, we assume that the new links will eventually be flagged too if the issue persists.

It's a whack-a-mole situation tho. The race to bypass these security warning with a simple change of URL, or even domain switch.

[Sylence]

Good job YTS