New DDoS attack uses smartphone browsers to flood site with 4.5bn requests

[jos]

Researchers suspect a mobile advertising network has been used to point hundreds of thousands of smartphone browsers at a website with the aim of knocking it offline.

According to distributed denial-of-service protection service CloudFlare, one customer's site recently came under fire from 4.5 billion page requests during a few hours, mostly from smartphone browsers on Chinese IP addresses.

 browser-based 'Layer 7' flood attacks have been viewed as a theoretical threat for several years, but haven't become a reality due to difficulties in efficiently distributing malicious JavaScript to force a large number of browsers to make HTTP requests to a targeted site.

Here's how the attack works: when a user opens an app or browses the web, they are served an iframe with an ad whose content was requested from an ad network. The ad network then forwards the request to a third-party that successfully bids for that inventory and then forwards the user to an attack page.

"The user was served an attack page containing a malicious JavaScript which launched a flood of XHR requests against CloudFlare servers,"

 

 

As the usage of smartphone increases.. smartphones will become  main center of attack... It is just people just keep on getting smartphone... I does not care if it is apple, google, Microsoft or any other platform...

Source: http://www.zdnet.com/article/new-ddos-attack-uses-smartphone-browsers-to-flood-site-with-4-5bn-requests/

 

[WhackingCheese]

Topkek.

[AlwaysFSX]

RIP data usage. Jesus that's dastardly.

[Deli]

When all the smart devices come on line later. We shall see "Massive DDOS by millions of smart microwaves and refrigerators" "Website was DDOS by millions of smart street lamps".

 

Golden age for hackers.

[Litargirio]

Seriously, why do people even bother doing these things? It's so pointless...  <_<

[Misanthrope]

Hey with as many of devices out there I'm surprised it took so long to bring cellphones into a botnet.

[ValkyrieX]

New DDoS attack uses smartphone browsers to flood site with 4.5bn requests

Researchers have found that smartphone browsers can deliver a powerful flooding attack.

 

---

Researchers suspect a mobile advertising network has been used to point hundreds of thousands of smartphone browsers at a website with the aim of knocking it offline.

According to distributed denial-of-service protection service CloudFlare, one customer's site recently came under fire from 4.5 billion page requests during a few hours, mostly from smartphone browsers on Chinese IP addresses.

As CloudFlare's Marek Majkowski notes, browser-based 'Layer 7' flood attacks have been viewed as a theoretical threat for several years, but haven't become a reality due to difficulties in efficiently distributing malicious JavaScript to force a large number of browsers to make HTTP requests to a targeted site.

Security researchers have previously suggested web ads as an efficient way to distribute malicious JavaScript.

Analysing the log files, Majkowski found the smartphone browser attack peaked at over 275,000 HTTP requests per second, with 80 percent coming from mobile devices and 98 percent from a Chinese IP address. The logs also reveal mobile versions of Safari, Chrome, Xiaomi's MIUI browser, and Tencent's QQBrowser.

"Strings like 'iThunder' might indicate the request came from a mobile app. Others like 'MetaSr', 'F1Browser', 'QQBrowser', '2345Explorer', and 'UCBrowser' point towards browsers or browser apps popular in China," Majkowski said.

Majkowski speculates that the attack was made possible by an ad network, and believes the reason so many mobile browsers visited the attack page hosting the malicious JavaScript was due to ads shown in iframes, either in mobile apps or mobile browsers.

 

"The user was served an attack page containing a malicious JavaScript which launched a flood of XHR requests against CloudFlare servers," explained Majkowski.

The attack site itself hosting the malicious JavaScript included instructions to launch an XHR in a loop.

 

 

 

http://www.zdnet.com/article/new-ddos-attack-uses-smartphone-browsers-to-flood-site-with-4-5bn-requests/

(Copy & pasted for those who don't trust external links) <_<

[flibberdipper]

Seriously, why do people even bother doing these things? It's so pointless...  <_<

Exactly. It's fucking pointless and the people that do it are useless asshat scumbags.

[Peacefulwarrior]

Seriously, why do people even bother doing these things? It's so pointless...  <_<

Its usually one of three things.

1: Money

2: Because they just want to watch the world burn

3: "For da lolz"

[Litargirio]

3: "For da lolz"

 

But it's not even funny... all that happens is that a website goes down.

[Torand]

When all the smart devices come on line later. We shall see "Massive DDOS by millions of smart microwaves and refrigerators" "Website was DDOS by millions of smart cars".

 

Golden age for hackers.

 

You may laugh, but this has already supposedly happened... http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/

[VerticalDiscussions]

-snip-

Cant we just shoot these people and later throw them into the river for the piranhas to eat theyr remains?

[TorqueS]

Skynet...* insert it's happening meme*

[Litargirio]

Cant we just shoot these people and later throw them into the river for the piranhas to eat theyr remains?

 

What a waste of metal. I think we can just throw them into the river right away. If they somehow manage to get out, we can simply throw them back in. 

[Deli]

You may laugh, but this has already supposedly happened... http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/

Agent Smith: "You hear that Mr. Anderson?"....."This is the sound of inevitability."

 

[Peacefulwarrior]

But it's not even funny... all that happens is that a website goes down.

Its really funny to them but to the sane ones who are not idiots or immature we don't understand why its so funny. THey enjoy that we don't understand it and will use that to troll you. Such is the way of the internet and little shits that inhabit it