Public Service Announcement:
btdig.com contains malicious code which spams Jani Patokallio's blog gyrovague.com with requests.
This malicious code matches the code on archive.today's websites, as described in https://infosec.exchange/@iampytest1/115902693235671566
btdig.com is believed to be owned by the same person as archive.today.
Patches have been added to uBlock Origin's resource abuse list, EasyList, and AdGuard Base.
https://github.com/uBlockOrigin/uAssets/commit/2f835b6c18a0695145a8da626aafef0ba6a4bb8c
https://github.com/easylist/easylist/commit/cbf37fd3ebdcaee42287e2584a19d2ab909b4bc1
https://github.com/AdguardTeam/AdguardFilters/pull/223974
Thanks to Yuki2718, stephenhawk8054, and Alex-302 (in no particular order). Thanks also to two anonymous persons for assisting in this investigation.
While I publicly revealed this right after Jani's article, that was a coincidence. This was discovered prior to the publication of that article, and I had already decided to go public that day before it was published.
Further information can not be made public at this time.
I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests. The code I independently verified matches the code in the Hacker News post.
Behind CloudFlare: https://tria.ge/260116-d3jafadj81/behavioral1
Do not use archive.today, archive.is, and archive.ph. By accessing these websites, you are donating your bandwidth to a botnet of unknown origin and purpose.
Original source:
https://social.coop/@eb/115902323900229756
An emergency update to the Malicious Website Blocklist has been made to counter this threat. An emergency update is currently in the works to fix the emergency update as it is in the wrong place (I want to link to this toot in the update, so waiting to commit until I post).