A "layer 7" DDoS attack is one of the most complex web attacks: it is disguised to resemble legitimate online traffic and targets specific areas of a website, which makes it even harder to detect.
Just yesterday the cloud-based security company "Incapsula" detected a unique "layer 7" DDoS attack, carried out using an internet traffic hijacking technique. The DDoS attack hit a website with over 20 million GET requests coming from the browsers of around 22,000 users.
What makes this case particularly interesting is that the attack was enabled by a persistent XSS vulnerability on one of the largest and most popular sites in the world, a domain in Alexa's Top 50.
For security reasons Incapsula has not yet revealed the name of the vulnerable site, but said it is a high-profile provider of video content whose domain allows users to have their own profiles.
The DDoS attack was enabled by a persistent XSS (cross-site scripting) vulnerability that allowed an attacker to inject malicious JavaScript code into the tag associated with the profile picture, as THN reports.
Vulnerability in one of the world's 50 largest sites turns millions of visitors into DDoS zombies.
So, every time a legitimate visitor arrives at any page of the domain, the attacker's profile picture loads in the visitor's browser and automatically executes the injected malicious JavaScript, which in turn injects a hidden iframe pointing to the address of the attack's command and control (C&C) centre. In this way, every visitor's computer turns into an attacker's computer!
According to Incapsula, the attackers use a DDoS tool with an Ajax script so that it can be customized in the victim's browser.
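The bug class behind the incident, as an added example that is not from the article or from Incapsula: a profile-picture tag rendered from stored user input becomes a persistent XSS sink, while a hardened renderer validates the URL against an allow list and attribute-encodes it. Function names, the host names and the injected values are all constructed for illustration.

```python
# Added example (not the article's or Incapsula's code): a profile-picture
# tag as a persistent-XSS sink, next to the hardened rendering that closes it.
# All names, hosts and values below are hypothetical / constructed.
import html
from urllib.parse import urlparse

# Constructed attacker-controlled "profile picture" value: it closes the src
# attribute and appends an iframe, the pattern the article describes.
# "c2.invalid" is a placeholder, not a real host.
INJECTED_VALUE = '/avatar.png"><iframe src="https://c2.invalid/'
# Constructed value on an allow-listed host that still tries to break out,
# showing why URL validation alone is not enough.
ALLOWED_HOST_BREAKOUT = 'https://cdn.example.com/a.png"><iframe src="https://c2.invalid/'
CLEAN_VALUE = "https://cdn.example.com/avatars/42.png"
ALLOWED_HOSTS = {"cdn.example.com"}
DEFAULT_AVATAR = "/static/default-avatar.png"


def render_vulnerable(picture_value: str) -> str:
    """Reflects the stored value as-is: the defect behind the attack."""
    return f'<img class="profile" src="{picture_value}">'


def is_allowed_picture_url(value: str) -> bool:
    """Only https URLs on an allow-listed image host may be referenced."""
    parsed = urlparse(value)
    return parsed.scheme == "https" and parsed.netloc in ALLOWED_HOSTS


def render_hardened(picture_value: str) -> str:
    """Validate the URL, then attribute-encode it; never echo stored input raw."""
    if not is_allowed_picture_url(picture_value):
        picture_value = DEFAULT_AVATAR  # fall back instead of reflecting junk
    return f'<img class="profile" src="{html.escape(picture_value, quote=True)}">'


def injects_new_element(rendered: str) -> bool:
    """Crude check for this demo: did the value smuggle in a second tag?"""
    return rendered.count("<") > 1


if __name__ == "__main__":
    for value in (INJECTED_VALUE, ALLOWED_HOST_BREAKOUT, CLEAN_VALUE):
        print("vulnerable:", render_vulnerable(value))
        print("hardened:  ", render_hardened(value))
```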