DDoS attack turned thousands of unsuspecting computers into ‘zombies’

8 Apr 2014

A recently discovered distributed denial of service (DDoS) attack turned 22,000 unsuspecting users’ computers into ‘zombie’ hosts that carried out the attack.

According to a blog post by online security company Incapsula, the attack, which comprised more than 20m GET requests, is worrying because it was facilitated through one of the web’s most-visited websites. Incapsula is refusing to name the website until the vulnerability is fixed, but has said it is a ‘high-profile video-content provider’.

The attack works as follows: the offender places harmful JavaScript in a profile image, then gets it onto a popular video’s page by posting a comment below the video. Once a person visits that page, the malicious code takes hold and turns their computer into a DDoS ‘zombie’ that sends multiple GET requests every second to the target.

The longer the video, and the more viewers it has, the longer each hijacked browser keeps sending requests and the more effective the attack will be.
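From the target’s side, a browser-based botnet like this one shows up as many client addresses each sending bursts of GET requests, typically with the same Referer page. The script below is an added illustration (not Incapsula’s code or analysis): it parses constructed access-log lines, flags clients exceeding a per-second GET rate, and tallies the Referer values of the flagged clients to point at the page likely hosting the injected script. The log format, IP addresses, page URL and threshold are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed log line builder: "ip [timestamp] "GET path HTTP/1.1" status "referer""
def _line(ip, second, path, referer):
    return f'{ip} [08/Apr/2014:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 "{referer}"'

# Constructed sample: the page assumed to host the injected script (hypothetical URL)
PAGE = "https://video.example/watch?v=cats"
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.5", 0, f"/?r={i}", PAGE) for i in range(6)]   # burst: 6 GETs in one second
    + [_line("203.0.113.9", 0, f"/?r={i}", PAGE) for i in range(6)]  # second hijacked browser
    + [_line("198.51.100.7", 0, "/index.html", "https://search.example/"),  # ordinary visitor
       _line("198.51.100.7", 3, "/about.html", "-")]
)

LOG_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(\w+) (\S+) [^"]*" (\d{3}) "([^"]*)"$')

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, referer = m.groups()
    return {"ip": ip, "ts": ts, "method": method, "path": path,
            "status": int(status), "referer": referer}

def flag_browser_flood(log_text, per_second_threshold=5):
    """Return (sorted flagged IPs, referer counts of flagged IPs, most common first).

    An IP is flagged when it sends at least per_second_threshold GETs within any
    one-second timestamp bucket. The shared Referer of the flagged clients is the
    page on which the injected script is most likely running.
    """
    per_bucket = Counter()                 # (ip, second) -> GET count
    referers = defaultdict(Counter)        # ip -> Counter of Referer values
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        per_bucket[(rec["ip"], rec["ts"])] += 1
        referers[rec["ip"]][rec["referer"]] += 1
    flagged = sorted({ip for (ip, _), n in per_bucket.items() if n >= per_second_threshold})
    source_pages = Counter()
    for ip in flagged:
        source_pages.update(referers[ip])
    return flagged, source_pages.most_common()

if __name__ == "__main__":
    ips, pages = flag_browser_flood(SAMPLE_LOG)
    print("flagged clients:", ips)
    print("likely source page:", pages[0] if pages else None)
```

A real deployment would also correlate the flagged clients’ User-Agent strings and request paths, since a hijacked browser fetches the same resource repeatedly with legitimate-looking headers.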

As Ronen Atias, the author of Incapsula’s blog post, puts it, “Knowing this, the offender strategically posted comments on popular videos, effectively created a self-sustaining botnet comprising tens of thousands of hijacked browsers, operated by unsuspecting human visitors who were only there to watch a few funny cat videos.”

Worryingly, however, Incapsula believes the code it originally found was only a test run, as the code that replaced it appeared more robust and less susceptible to being taken down.

“The current code is not only much more sophisticated, but it is also built for keeping track of the attack, for what seems like billing purposes,” wrote Atias. “From the looks of it, someone is now using this Alexa Top 50 website to set up a chain of botnets for hire.”

Colm Gorey was a senior journalist with Silicon Republic