DDoS attack sent 4.5 billion requests using mobile browsers

Researchers at CloudFlare spotted a distributed denial-of-service (DDoS) attack that used mobile device browsers to flood a site with 4.5 billion requests.

The attack was recorded in late August and targeted a CloudFlare customer based in China. The browser-based Layer 7 flood peaked at 275,000 HTTP requests per second and was issued by 650,000 unique IPs, according to a blog post.

More than 99 percent of requests came from Chinese IP addresses and nearly 80 percent came from mobile devices. Mobile versions of Xiaomi's MIUI browser, Safari, Chrome, and Tencent's QQBrowser were used in the attack.

"Strings like 'iThunder' might indicate the request came from a mobile app. Others like 'MetaSr', 'F1Browser', 'QQBrowser', '2345Explorer', and 'UCBrowser' point towards browsers or browser apps popular in China," the post said.
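A defender triaging a flood like this one would pull the same figures the post reports (peak requests per second, unique IPs, mobile share, User-Agent tokens) from web server access logs. The Python below is an added example, not CloudFlare's code; it assumes Combined Log Format, a simple substring heuristic for "mobile", and constructed sample log lines.

```python
import re
from collections import Counter

# User-Agent tokens quoted in the post (mobile apps / browsers popular in China).
UA_TOKENS = ["iThunder", "MetaSr", "F1Browser", "QQBrowser", "2345Explorer", "UCBrowser"]
# Assumption: substring heuristic for deciding that a User-Agent is mobile.
MOBILE_HINTS = ("Mobile", "Android", "iPhone", "iPad")

# Combined Log Format: ip - - [timestamp] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def summarize(lines):
    """Return flood metrics: total, unique IPs, peak req/s, mobile share, UA token counts."""
    per_second, ips, tokens = Counter(), set(), Counter()
    total = mobile = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        total += 1
        ips.add(m["ip"])
        per_second[m["ts"]] += 1  # log timestamps have one-second resolution
        ua = m["ua"]
        if any(hint in ua for hint in MOBILE_HINTS):
            mobile += 1
        for token in UA_TOKENS:
            if token in ua:
                tokens[token] += 1
    return {
        "total": total,
        "unique_ips": len(ips),
        "peak_rps": max(per_second.values(), default=0),
        "mobile_share": mobile / total if total else 0.0,
        "ua_tokens": dict(tokens),
    }

# Constructed sample lines: documentation IP ranges, made-up date, referer and User-Agents.
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2000:10:00:01 +0800] "GET / HTTP/1.1" 200 512 "http://ads.example/f.html" "Mozilla/5.0 (Linux; Android 4.4.4) AppleWebKit/537.36 Mobile Safari/537.36 QQBrowser/5.4"',
    '203.0.113.6 - - [01/Jan/2000:10:00:01 +0800] "GET / HTTP/1.1" 200 512 "http://ads.example/f.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4) AppleWebKit/600.1.4 Mobile/12H143 Safari/600.1.4"',
    '203.0.113.5 - - [01/Jan/2000:10:00:01 +0800] "GET / HTTP/1.1" 200 512 "http://ads.example/f.html" "Mozilla/5.0 (Linux; Android 4.4.4) UCBrowser/10.6 Mobile"',
    '198.51.100.9 - - [01/Jan/2000:10:00:02 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/39.0 2345Explorer/6.1"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A sudden rise in `peak_rps` together with a high `mobile_share` and many distinct IPs matches the browser-based pattern described in the post, as opposed to a flood from a small set of scripted clients.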

Researchers speculate that the attackers used an ad network serving malicious JavaScript as a distribution vector. The malicious ads were likely shown in iframes in mobile apps or mobile browsers to unsuspecting victims who were browsing the internet, according to the blog post.

Researchers said they were confident the attack didn't involve TCP (Transmission Control Protocol) packet injection.

"Attacks like this form a new trend," the post said. "They present a great danger in the internet — defending against this type of flood is not easy for small website operators."

"We are unable to attribute the attack to a source," Marek Majkowski, a researcher with CloudFlare, told SC Magazine via email correspondence. "One trend we have seen is that DDoS attacks are a big problem in China, even more so than in North America."

UPDATE: This article has been updated to include comments from CloudFlare.