DDoS attack sent 4.5 billion requests using mobile browsers

ddos-attacks1Researchers at CloudFlare spotted a distributed denial-of-service (DDoS) attack that used mobile device browsers to flood a site with 4.5 billion requests.

The attack was recorded in late August and targeted a CloudFlare customer based in China. The browser based Layer 7 flood peaked at 275,000 HTTP request per second and was issued by 650,000 unique IPs, according to a blog post.

More than 99 percent of requests came from a Chinese IP address and nearly 80 percent came from mobile devices. Mobile versions of the Xiaomi’s MIUI browser,Safari, Chrome, and Tencent’s QQBrowser were used in the attack.

“Strings like ‘iThunder’ might indicate the request came from a mobile app. Others like ‘MetaSr’, ‘F1Browser’, ‘QQBrowser’, ‘2345Explorer’, and ‘UCBrowser’ point towards browsers or browser apps popular in China,” the post said.

Researchers speculate that the attackers used an ad network that served malicious Javascript as a distribution vector. The malicious ads were likely shown in iframes in mobile apps, or mobile browsers to unsuspecting victims that were browsing the internet, according to the blog post.

Researchers said they were confident the attack didn’t involve a TCP (transmission control protocol) packet injection.

“Attacks like this form a new trend,” the post said. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s