One of the most malicious attacks that can be launched on a website is flooding it with more requests than it can handle, otherwise known as a DDoS attack. According to internet security researchers, this nightmare recently became a reality for one site, which was targeted in exactly this manner with the aim of overwhelming it with HTTP requests and knocking it offline. It is suspected that the attack was channeled through a mobile advertising network.
This revelation came to light after Cloudflare, a distributed denial-of-service protection company, disclosed that one of its customers' sites was the victim of this aggression. The company revealed that the site was bombarded with more than 4 billion page requests within a span of a few hours. On further analysis, it was discovered that the majority of these requests were made using smartphone browsers. Upon digging even further, it was noted that an astounding number of these requests came from Chinese IP addresses.
Internet security experts have looked into a number of ways hackers can overcome these stumbling blocks and launch their attacks. One of the ways that has been viewed as a potential 'flood gate' is the use of suggested web ads. It seems that the hackers have also been doing their homework, and this is the path that was used.
After the attack was noted, the next step was analyzing the log files to identify exactly what went wrong and how it was done. Majkowski revealed that these analyses showed the attack peaking at more than 275,000 HTTP requests every second. As previously mentioned, most of those requests (80%) were made from smartphones. What is even more astounding is that they seemed to stem from one location: a whopping 98% of the requests came from Chinese IP addresses. The log files also had a lot to say about the kind of mobile browsers that were used. They included Safari, Chrome, Xiaomi's MIUI browser, and Tencent's QQBrowser.
The Cloudflare expert further revealed that the data on where the attacks were launched from, and on how they were carried out, was similar and consistent in nature. He stated that user-agent strings such as 'iThunder' imply that the request was made from a mobile app. Furthermore, there were numerous other strings such as 'MetaSr', 'F1Browser', and 'QQBrowser', which indicate that the requests came not only from browsers but also from apps that are popular among smartphone users in China.
The attack is achieved by serving a user with an iframe ad requested by the ad network while they are using an app or browser. The ad network redirects the request to the successful third-party bidder for the inventory, which in turn leads the user to the attack page, thereby launching the flood of looping XHR requests.
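The log analysis described above, condensed into a small detection script, is added here as an example and is not code from the article or from Cloudflare. It assumes access logs in the standard nginx/Apache "combined" format, flags any second whose request rate exceeds a threshold and whose traffic is dominated by mobile user agents (using the strings the article names), and reports the most common Referer, which in an ad-delivered flood points at the attack page; the log lines are constructed sample data.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines (nginx/Apache combined format), not data from the article.
# Second :00 holds ordinary desktop traffic; second :01 holds a burst from mobile user agents.
NORMAL_UA = "Mozilla/5.0 (Windows NT 10.0) Chrome/45.0"
FLOOD_UAS = ["Mozilla/5.0 (Linux; Android 5.0) MQQBrowser/5.8 Mobile Safari/537.36",
             "Mozilla/5.0 (Linux; Android 4.4) MIUIBrowser/2.1 Mobile",
             "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0) Mobile/12A365 iThunder"]
LINE = '{ip} - - [10/Sep/2015:12:00:{sec} +0000] "GET {path} HTTP/1.1" 200 512 "{ref}" "{ua}"'
SAMPLE_LOG = [LINE.format(ip="192.0.2.%d" % i, sec="00", path="/index.html", ref="-", ua=NORMAL_UA)
              for i in range(1, 4)]
SAMPLE_LOG += [LINE.format(ip="198.51.100.%d" % i, sec="01", path="/?_=%d" % i,
                           ref="http://ad.example/attack.html", ua=FLOOD_UAS[i % 3])
               for i in range(1, 21)]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
# User-agent substrings the article associates with the mobile browsers and apps involved.
MOBILE_MARKERS = ("iThunder", "MetaSr", "F1Browser", "QQBrowser", "MIUI", "Mobile")

def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_bursts(lines, rps_threshold=10, mobile_share=0.8):
    """Return one finding per second whose request count reaches rps_threshold and whose
    mobile-UA share is at least mobile_share (0.8 mirrors the 80% figure in the article)."""
    per_second = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        per_second[rec["ts"]].append(rec)
    findings = []
    for ts, recs in sorted(per_second.items()):
        if len(recs) < rps_threshold:
            continue
        share = sum(any(mk in r["ua"] for mk in MOBILE_MARKERS) for r in recs) / len(recs)
        if share < mobile_share:
            continue
        findings.append({
            "ts": ts, "requests": len(recs), "mobile_share": round(share, 2),
            "distinct_ips": len({r["ip"] for r in recs}),           # many IPs, few each: a browser-driven flood
            "distinct_paths": len({r["path"] for r in recs}),
            "top_referrer": Counter(r["ref"] for r in recs).most_common(1)[0][0],  # the page issuing the XHRs
        })
    return findings

if __name__ == "__main__":
    for f in find_bursts(SAMPLE_LOG):
        print(f)
```

On real logs, aggregate by second and raise the threshold to match normal traffic; the top Referer and the user-agent mix are what let an operator hand the ad network and bidder a concrete lead.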