TweakTown

Leading website compromised, turns users into "DDoS zombies"

Unknown major video website, in Alexa top 50, was hacked and compromised to turn visitors into unsuspecting "DDoS zombies"

Published Mon, Apr 7 2014 11:19 PM CDT   |   Updated Sat, Aug 8 2020 10:29 AM CDT

A major global website was recently hit by cybercriminals, with the hacked website turning visitors into "zombies" that in turn launched distributed denial of service (DDoS) attacks. A Persistent XSS vulnerability gave cybercriminals the chance to embed malicious JavaScript code, according to enterprise security company Incapsula.

Leading website compromised, turns users into DDoS zombies | TweakTown.com

Each user that views a compromised profile image with the malicious code then ends up sending a GET request to targeted websites. The group responsible also posted comments on large quantities of other videos, to ensure the profile image was viewed as many times as possible.

"As a result, each time a legitimate visitor landed on that page, his browser automatically executed the injected JavaScript, which in turn injected a hidden with the address of the DDoSer's C&C domain," according to Incapsula. "Obviously one request per second is not a lot. However, when dealing with video content of 10, 20 and 30 minutes in length, and with thousands views every minute, the attack can quickly become very large and extremely dangerous."

NEWS SOURCE:incapsula.com

An experienced tech journalist and marketing specialist, Michael joins TweakTown looking to cover everything from consumer electronics to enterprise cloud technology. A former Staff Writer at DailyTech, Michael is now the West Coast News Editor and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Related Tags

Newsletter Subscription

Latest News

View More News

Latest Reviews

View More Reviews

Latest Articles

View More Articles