DDoS attack sent 4.5 billion requests using mobile browsers
An engineer on call to one of the company’s customers was drawn into investigating the cause of a flood of traffic to a server.
A large number of Chinese smartphones were used as unwilling participants in a huge DDoS attack, briefly overwhelming an unnamed web server, according to Cloudflare.
Malvertising attacks, which involve tricking ad networks into distributing advertisements that contain malicious code, have been used to infect computers with malware for years.
Majkowski says a victim’s browser was served an iframe with a malvertiser’s ad attack page that contained malicious JavaScript. Well, the same can be said in the modern day equivalent – albeit on an electronic platform, where DDoS attacks are concerned. “It seems probable that users were served advertisements containing the malicious JavaScript”. Cloudflare warns browser-based hacks are a “great danger to the Internet” as defending against them can be very hard, especially when operating only a small server. Furthermore, an analysis of the request headers indicated that nearly 80 percent of the devices generating the traffic were smartphones and tablets.
“Strings like ‘iThunder’ might indicate the request came from a mobile app. Others like ‘MetaSr’, ‘F1Browser’, ‘QQBrowser’, ‘2345Explorer’, and ‘UCBrowser’ point towards browsers or browser apps popular in China”, Majkowski said.
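The same kind of header analysis can be run on a server's own access logs to see whether a flood is browser-driven. This is an added example, not code from Cloudflare or from the article: only the marker strings come from the quote above, while the Combined Log Format input, the sample lines, the host names and the mobile-token list are constructed assumptions.

```python
import re
from collections import Counter

# User-Agent markers quoted in the article (plain substring match).
APP_MARKERS = ("iThunder", "MetaSr", "F1Browser", "QQBrowser",
               "2345Explorer", "UCBrowser")
# Assumption: tokens that commonly identify phones and tablets.
MOBILE_TOKENS = ("Mobile", "Android", "iPhone", "iPad")
# Combined Log Format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"$')

# Constructed sample lines (documentation IP ranges, made-up hosts and paths).
T = '[01/Jan/2024:00:00:01 +0000] "POST /target HTTP/1.1" 200 512'
REF = '"http://ad-page.example/frame.html"'
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} {REF} "Mozilla/5.0 (Linux; U; Android 4.4.4; zh-CN) Mobile Safari/537.36 UCBrowser/10.6"',
    f'192.0.2.11 - - {T} {REF} "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) Mobile/12H143 QQBrowser/5.8"',
    f'198.51.100.7 - - {T} {REF} "Mozilla/5.0 (Linux; Android 5.0) Mobile Safari/537.36 iThunder"',
    f'203.0.113.5 - - {T} {REF} "Mozilla/5.0 (Windows NT 6.1) Chrome/31.0 Safari/537.36 2345Explorer/6.1"',
    f'203.0.113.9 - - {T} "-" "Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) Mobile/12H143 Safari/600.1.4"',
    'truncated line that does not parse',
]

def summarize(lines):
    """Tally mobile share, article markers and Referers for parsable lines."""
    total, mobile = 0, 0
    markers, referers = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not Combined Log Format
        _ip, referer, ua = m.groups()
        total += 1
        mobile += any(tok in ua for tok in MOBILE_TOKENS)
        markers.update(name for name in APP_MARKERS if name in ua)
        # Assumption: browser-issued requests carry a Referer, so traffic
        # driven from one page tends to share it.
        referers[referer] += 1
    return {
        "total": total,
        "mobile_share": mobile / total if total else 0.0,
        "markers": dict(markers),
        "top_referer": referers.most_common(1)[0] if referers else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high mobile share combined with a single dominant Referer is a signal worth checking before writing a rate-limit or block rule; User-Agent strings are client-supplied, so treat them as a triage hint rather than proof.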
Cloudflare has speculated on how the DDoS attack was carried out.
A 2014 investigation by the U.S. Senate into malvertising concluded that online advertisements typically go through five or six intermediaries before they are delivered to users’ browsers, and ads can be replaced with malicious ones at any point in that chain.
This ad, which was requested from an ad network, then forwards a request to a third party which has successfully bid for the space.
The technique of using web advertising to spread malicious JavaScript has long been discussed.
“Since an efficient distribution vector is crucial in issuing large floods, up until now I haven’t seen many sizable browser-based floods”.
“Web pages became more interactive once new content could be loaded without having to follow links or load new pages”.