XSS bug in popular Chinese site exploited to launch DDoS attack
Posted on 28 April 2014.
DDoS mitigation firm Incapsula has put an end to speculation that the video content provider whose vulnerable website was misused to launch a DDoS attack was YouTube, and has revealed that it was actually Sohu.com, currently the 27th most visited website in the world.

Earlier this month, Ronen Arias, security analyst at Incapsula, wrote a blog post about the attack in question, which the company was hired to mitigate. The (still unnamed) third-party target of the attack was being hit with "over 20 million GET requests originating from the browsers of over 22,000 Internet users."

The investigation revealed an unlikely source. An XSS vulnerability in one of the most popular websites in the world allowed the attacker to inject JavaScript code into the tag associated with the profile image of its users.

The attacker went on to comment on a large number of videos, and the malicious code accompanied each comment. Once the code was on a page, it was executed each time another visitor landed there, triggering another code injection and an Ajax-scripted DDoS tool that took command of the browser and instructed it to send repeated requests (one per second) to the target sites.

"Obviously one request per second is not a lot. However, when dealing with video content of 10, 20 and 30 minutes in length, and with thousands of views every minute, the attack can quickly become very large and extremely dangerous," Arias explained.

"Knowing this, the offender strategically posted comments on popular videos, effectively creating a self-sustaining botnet comprising tens of thousands of hijacked browsers, operated by unsuspecting human visitors who were only there to watch a few funny cat videos."

He also shared some details on how the company was able to block the attack and discover its source.

The site in question was notified of the vulnerability and eventually patched it, allowing Incapsula to finally squash the rumours swirling around the internet about its identity.
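
The traffic pattern described in this article (many browsers, each sending roughly one GET request per second for as long as a video page stays open) can be looked for on the target side by checking per-client request rhythm. The following is an added example, not code from Incapsula's write-up; the record layout, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def steady_cadence_clients(records, period=1.0, tolerance=0.25,
                           min_requests=10, min_on_beat=0.9):
    """Return {client: GET count} for clients whose GETs arrive at a
    near-constant interval of `period` seconds (thresholds are assumptions)."""
    times_by_client = defaultdict(list)
    for ts, client, method, _path in records:
        if method == "GET":
            times_by_client[client].append(ts)

    flagged = {}
    for client, times in times_by_client.items():
        if len(times) < min_requests:
            continue  # too few samples to judge a rhythm
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        on_beat = sum(1 for g in gaps if abs(g - period) <= tolerance)
        if on_beat / len(gaps) >= min_on_beat:
            flagged[client] = len(times)
    return flagged

def build_sample():
    """Constructed records: (unix_time, client_ip, method, path)."""
    records = []
    # Three browsers running the injected script: one GET per second, small jitter.
    for i, client in enumerate(["198.51.100.10", "198.51.100.11", "198.51.100.12"]):
        for n in range(30):
            jitter = ((n * 7 + i) % 5 - 2) * 0.02
            records.append((1000.0 + 0.3 * i + n + jitter, client, "GET", "/"))
    # An ordinary visitor: bursts on page load, then long reading pauses.
    for ts in [1000.2, 1000.3, 1000.35, 1004.0, 1019.5, 1020.1,
               1047.0, 1047.2, 1090.0, 1091.5, 1130.0, 1131.0]:
        records.append((ts, "203.0.113.5", "GET", "/article"))
    return records

def summarize(records):
    """Flagged clients plus their share of all GET requests."""
    flagged = steady_cadence_clients(records)
    total_gets = sum(1 for r in records if r[2] == "GET")
    share = sum(flagged.values()) / total_gets if total_gets else 0.0
    return flagged, share

if __name__ == "__main__":
    flagged, share = summarize(build_sample())
    print(f"{len(flagged)} steady-cadence clients, {share:.0%} of GET traffic")
```

A human visitor produces bursts and long pauses, so the share of on-beat gaps stays low; a scripted one-per-second loop keeps nearly every gap inside the tolerance window, which is what separates the two in the sample.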

