Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How a website flaw turned 22,000 visitors into a botnet of DDoS zombie

09 Apr 2014   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
How a website flaw turned 22,000 visitors into a botnet of DDoS zombie

Quote:
Researchers have uncovered a recent denial-of-service attack that employed an unusual, if not unprecedented, technique to surreptitiously cause thousands of everyday Internet users to bombard the target with a massive amount of junk traffic.

The attack worked by exploiting a Web application vulnerability on one of the biggest and most popular video sites on the Web, according to a blog post published recently by researchers at security firm Incapsula, which declined to identify the site by name. Malicious JavaScript embedded inside the image icons of accounts created by the attackers caused anyone viewing the users' posts to run attack code that instructed their browser to send one Web request per second to the DoS victim. In all, the technique caused 22,000 ordinary Web users to unwittingly flood the target with 20 million GET requests.
Source

A Guy


My System SpecsSystem Spec
.

10 Apr 2014   #2

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick
 
 

It's pretty ingenious way to do DDoS and being end user friendly at the same time. Friendly, as in not taking over the end user's machine and making it a zombie; close the browser and the "Drowser" is gone.

It shouldn't be hard to identify the ingenious person, after all, he/she has an account at the site that serves up video content. Like most shared content site, the video content site logs access to the account, including source IP address. You know, pretty much the same information that is used by MPAA/RIA to send out threatening letters and/or emails the day after someone downloaded a copyrighted content. At least that's the case within the US...
My System SpecsSystem Spec
Reply

 How a website flaw turned 22,000 visitors into a botnet of DDoS zombie




Thread Tools



Similar help and support threads for2: How a website flaw turned 22,000 visitors into a botnet of DDoS zombie
Thread Forum
Hackers compromise official PHP website, infect visitors with malware Security News
Zeus botnet exploits unpatched PDF flaw Security News
Lock out data partition to Visitors General Discussion
massive botnet controlling some 1.9 million zombie comp System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:32 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33