Windows 7 Forums


Windows 7: How a website flaw turned 22,000 visitors into a botnet of DDoS zombies

09 Apr 2014   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1

Researchers have uncovered a recent denial-of-service attack that employed an unusual, if not unprecedented, technique to surreptitiously cause thousands of everyday Internet users to bombard the target with a massive amount of junk traffic.

The attack worked by exploiting a Web application vulnerability on one of the biggest and most popular video sites on the Web, according to a blog post published recently by researchers at security firm Incapsula, which declined to identify the site by name. Malicious JavaScript embedded inside the image icons of accounts created by the attackers caused anyone viewing the users' posts to run attack code that instructed their browser to send one Web request per second to the DoS victim. In all, the technique caused 22,000 ordinary Web users to unwittingly flood the target with 20 million GET requests.

A Guy
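Seen from the targeted site, the pattern described above is many unrelated browsers each issuing GET requests on a fixed one-second timer. The following Python sketch is an added example, not part of the original post or of Incapsula's write-up; it flags clients whose requests arrive at that steady cadence. It assumes Common Log Format access logs, and the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Common Log Format prefix: client IP, timestamp, method, path (assumed log format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

def parse(lines):
    """Yield (ip, epoch_seconds, method, path) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, ts, method, path = m.groups()
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        yield ip, t, method, path

def metronomic_clients(lines, period=1.0, tolerance=0.25, min_requests=10):
    """Return IPs whose GETs arrive at a steady ~`period`-second cadence."""
    times = defaultdict(list)
    for ip, t, method, _path in parse(lines):
        if method == "GET":
            times[ip].append(t)
    flagged = set()
    for ip, ts in times.items():
        if len(ts) < min_requests:
            continue  # too few samples to judge cadence
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Timer-driven script: gaps cluster tightly around the period.
        # Human browsing: gaps are bursty, so median or spread falls outside.
        if abs(median(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            flagged.add(ip)
    return flagged

def build_sample():
    """Constructed log: two timer-driven clients and one human-like client."""
    def row(ip, sec, path):
        stamp = f"09/Apr/2014:10:{sec // 60:02d}:{sec % 60:02d} +0000"
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'
    lines = [row("198.51.100.7", s, "/") for s in range(0, 30)]
    lines += [row("198.51.100.8", s, "/") for s in range(5, 25)]
    human = (0, 2, 3, 19, 20, 45, 46, 47, 90, 91, 140)
    lines += [row("203.0.113.20", s, "/page") for s in human]
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    print(sorted(metronomic_clients(build_sample())))
```

A large set of flagged addresses with no other relationship to each other is the signal worth alerting on; a single flagged client is more likely a monitoring probe or polling script.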


10 Apr 2014   #2

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick

It's a pretty ingenious way to do DDoS while being end-user friendly at the same time. Friendly, as in not taking over the end user's machine and making it a zombie; close the browser and the "Drowser" is gone.

It shouldn't be hard to identify the ingenious person; after all, he/she has an account at the site that serves up video content. Like most shared content sites, the video content site logs access to the account, including source IP address. You know, pretty much the same information that is used by MPAA/RIAA to send out threatening letters and/or emails the day after someone downloaded copyrighted content. At least that's the case within the US...