Cloudflare administrators report that they detected a DDoS attack against their infrastructure, and that it involved an ad network as well as unsuspecting users who were made unwitting participants in the attack through malicious ads.
The attack lasted only a few hours but reached a volume close to 275,000 HTTP requests per second. The company also reports that it mitigated the attack successfully without having to take its servers offline.
Cloudflare speculates that this was a new kind of DDoS attack, one that makes use of ad networks and unsuspecting users.
The attack is carried by real traffic from real people
The company's researchers suspect that users browsing the web from their computers or mobile devices were served an iframe containing an advertisement.
The iframe requested the ad content from the ad network, which in turn requested the content of that ad from the servers of the party publishing that particular ad.
Unknown to the user and to the ad network, the party publishing the ad (that is, the attacker) served a malicious ad containing JavaScript code designed to make requests to the victim (in this case a web page hosted on Cloudflare's infrastructure).
The attack came from China
The attack was very innovative in its approach: according to Cloudflare, it does not consist of the raw TCP packets of classic DDoS attacks, but instead looks like genuine everyday browsing traffic.
After analyzing millions of log lines, Cloudflare says 99.8% of the traffic originated from Chinese IP addresses. The attackers probably come from the same country too, mainly because the comments left in the malicious JavaScript code were also written in Chinese.
Of the users whose browsers took part in the DDoS attack, 72% used a mobile device, 23% used a desktop computer and 5% used a tablet.
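As an added example (not part of the original article and not Cloudflare's own tooling), the following Python script shows how a site operator could spot this kind of browser-based HTTP flood in their own access logs: requests are grouped by second, a second is flagged when its request count is high and the traffic comes from many distinct clients rather than one noisy host, and the flagged traffic is summarised by dominant Referer (the page hosting the ad creative that carries the attack script) and by device class, mirroring the breakdown in the report. All log lines, IP addresses, user agents and the `ad-creative.invalid` host are constructed sample data.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [ts] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

def device_class(ua):
    """Coarse split into the three device classes the report breaks traffic into."""
    if "iPad" in ua:
        return "tablet"
    return "mobile" if ("Android" in ua or "iPhone" in ua) else "desktop"

def analyze(lines, rps_threshold, min_distinct_ratio=0.5):
    """Group requests by second; flag a second when it reaches rps_threshold AND the
    requests come from many distinct IPs (a flood of real browsers, not one noisy host).
    Each flagged second is summarised by dominant Referer (the page hosting the ad
    creative that carries the attack script) and by device mix."""
    per_second = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            per_second[m["ts"]].append(m.groupdict())
    findings = {}
    for ts, reqs in per_second.items():
        ips = {r["ip"] for r in reqs}
        if len(reqs) < rps_threshold or len(ips) < min_distinct_ratio * len(reqs):
            continue
        findings[ts] = {"requests": len(reqs), "distinct_ips": len(ips),
                        "top_referer": Counter(r["referer"] for r in reqs).most_common(1)[0][0],
                        "devices": dict(Counter(device_class(r["ua"]) for r in reqs))}
    return findings

# --- constructed sample data (placeholder hosts, documentation IP ranges) ---
def make_line(ip, ts, path, referer, ua):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "{referer}" "{ua}"'

UA_ANDROID = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 Chrome/40 Mobile Safari/537.36"
UA_IPHONE = "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) Version/8.0 Mobile Safari"
UA_IPAD = "Mozilla/5.0 (iPad; CPU OS 8_0 like Mac OS X) Version/8.0 Safari"
UA_DESKTOP = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/40 Safari/537.36"
AD_PAGE = "http://ad-creative.invalid/offer.html"  # placeholder: page serving the malicious ad
T1, T2 = "01/Jan/2000:12:00:01 +0000", "01/Jan/2000:12:00:02 +0000"
# Seven distinct clients hit "/" in one second, all referred by the ad page (the flood),
# then two ordinary requests in the next second (normal background traffic).
FLOOD_UAS = [UA_ANDROID, UA_IPHONE, UA_ANDROID, UA_IPHONE, UA_ANDROID, UA_DESKTOP, UA_IPAD]
SAMPLE_LOG = [make_line(f"203.0.113.{i}", T1, "/", AD_PAGE, ua) for i, ua in enumerate(FLOOD_UAS, 1)]
SAMPLE_LOG += [make_line("198.51.100.7", T2, "/about", "https://search.example/", UA_DESKTOP),
               make_line("198.51.100.8", T2, "/", "-", UA_IPHONE)]
```

With `analyze(SAMPLE_LOG, rps_threshold=5)` only the first second is flagged; its `top_referer` identifies the page serving the ad creative, which is the lead to pass on to the ad network, and the device mix shows the mobile-heavy profile the report describes.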