After pushing malware, ad networks also used for DDoS

28 Sep 2015

Ad networks used to direct DDoS attacks.

Hackers are leveraging advertisements served through an ad network to deliver malicious JavaScript code that pummels a target with completely legitimate HTTP requests. A large number of Chinese smartphones were used as unwilling participants in a huge DDoS attack, briefly overwhelming an unnamed web server, according to CloudFlare.

CloudFlare has turned up an unusual form of denial-of-service attack: mobile advertisements that are pumping out around 275,000 HTTP requests per second. The cloud outfit didn’t name the victim, but said the Layer 7 HTTP floods hitting the target are the latest example of a once-theoretical attack turning up in the real world. Ironically, the abnormality here was really how the requests seem to originate from legitimate devices, wrote Marek Majkowski, an engineer at CloudFlare, prompting the team to dig further. The ads were placed in apps popular in China, says CloudFlare, a security company that noticed the attack. “It seems probable that users were served advertisements containing the malicious JavaScript,” wrote CloudFlare security analyst Marek Majkowski in a blog post.

London CloudFlare engineer Marek Majkowski says the difficulty in turning HTTP floods into a real attack was overcome using malicious JavaScript in an advertisement. According to Majkowski, the hard part of a large DDoS attack of this kind is assembling a distribution vector that can funnel traffic of truly gigantic proportions. “It seems the biggest difficulty is not in creating the JavaScript – it is in effectively distributing it. Since an efficient distribution vector is crucial in issuing large floods, up until now I haven’t seen many sizable browser-based floods,” explained Majkowski. “These ads were likely shown in iframes in mobile apps, or mobile browsers to people casually browsing the internet.” A lot of sites host auctions for their ad space – whoever bids highest gets the space.

The user’s device then launched a flood of XHR requests against CloudFlare servers. “Attacks like this form a new trend,” he says. “They present a great danger in the internet [since] defending against this type of flood is not easy for small website operators.” The attack follows China’s so-called Great Cannon, which the University of Toronto found in April was hijacking web traffic entering the Middle Kingdom to overpower sites critical of the authoritarian state. A dedicated script was put together to parse through a sample of 17 million log lines, out of the log files generated by some 4.5 billion requests from over 650,000 unique IP addresses. This presents a grave new threat to the internet, CloudFlare claims, as smaller website operators have no real defense against this kind of high-level DDoS attack.
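
The kind of log analysis mentioned above can be sketched as follows. This is an added example, not code from the article or from CloudFlare: it flags a Referer that accounts for most requests while being spread across many client addresses, which is what a flood driven from one embedded ad page would look like in access logs. The Combined Log Format, the referer-share heuristic, the thresholds and the hostnames and addresses in the sample are all assumptions.

```python
import re
from collections import defaultdict

# Assumed input: Combined Log Format
# ip - - [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def suspicious_referers(lines, min_ips=3, min_share=0.5):
    """Return {referer: (requests, distinct_ips)} for referers that make up
    at least min_share of parsed requests across at least min_ips clients."""
    hits = defaultdict(int)
    ips = defaultdict(set)
    total = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        total += 1
        hits[m["referer"]] += 1
        ips[m["referer"]].add(m["ip"])
    return {
        ref: (n, len(ips[ref]))
        for ref, n in hits.items()
        if ref not in ("", "-")          # direct hits carry no referer
        and n / total >= min_share       # dominates the traffic sample
        and len(ips[ref]) >= min_ips     # and comes from many devices
    }

def make_line(ip, path, referer, ua="Mozilla/5.0 (Linux; Android 4.4) Mobile"):
    """Build one constructed log line for the sample below."""
    return (f'{ip} - - [28/Sep/2015:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "{referer}" "{ua}"')

# Constructed sample: 4 devices x 5 requests from one ad frame, plus normal traffic
SAMPLE = [make_line(f"198.51.100.{i}", "/", "http://ads.example/frame.html")
          for i in range(1, 5) for _ in range(5)]
SAMPLE += [
    make_line("203.0.113.7", "/", "-", "Mozilla/5.0 (Windows NT 6.1)"),
    make_line("203.0.113.8", "/about", "http://search.example/?q=site"),
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ref, (n, n_ips) in suspicious_referers(SAMPLE).items():
        print(f"{ref}: {n} requests from {n_ips} addresses")
```

Because the requests come from real browsers, per-address rate limits alone see only modest traffic from each device; grouping by a shared header value is what exposes the common source.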
