After pushing malware, ad networks also used for DDoS
Rogue online advertisements that infect computers with malware have become a common occurrence on the Internet. But now, it appears, hackers have also figured out how to launch crippling distributed denial-of-service (DDoS) attacks through ad networks.
The DDoS mitigation team at CloudFlare recently observed a large-scale attack which they believe was the result of malicious ads being loaded inside apps and browsers on mobile devices.
The attack, which targeted one of the company’s customers, peaked at 275,000 HTTP requests per second and was launched from over 650,000 unique IP (Internet Protocol) addresses, most of them from China.
What was interesting about this attack was that the requests appeared to be generated by real browsers, not scripts or malware, as are typically used in HTTP-based DDoS attacks. Furthermore, an analysis of the request headers indicated that almost 80 percent of the devices generating the traffic were smartphones and tablets.