"Layer 7" DDoS attacks are among the most sophisticated web attacks: they masquerade as legitimate web traffic and target specific areas of a website, which makes them even harder to detect.
Just yesterday the cloud-based security company Incapsula detected a unique layer 7 DDoS attack carried out by hijacking internet traffic. The DDoS attack hit a website with over 20 million GET requests coming from 22,000 user browsers.
What makes this case particularly interesting is that the attack was triggered by a persistent XSS vulnerability on one of the largest and most popular sites in the world, a domain in Alexa's Top 50.
Incapsula has not yet revealed the name of the vulnerable site for security reasons, but said it is a high-profile video content provider that allows users to have their own profiles.
The DDoS attack was enabled by a cross-site scripting (XSS) vulnerability that allowed the attacker to inject malicious JavaScript code into the tag associated with the profile image, as reported by THN.
A vulnerability on one of the world's 50 largest sites turns millions of visitors into DDoS zombies.
So whenever a legitimate visitor arrives at any web page of the domain, the attacker's profile image loads in the visitor's browser and automatically executes the injected malicious JavaScript, which in turn injects a hidden iframe pointing to the address of the attack's command and control (C&C) centre. In this way, every visitor's computer is turned into an attacker's computer!
According to Incapsula, the attackers are using an Ajax-based DDoS tool, which they can customise from within the victim's browser.
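The root cause described above, a user-controlled profile image value rendered into an HTML tag without validation or escaping, shown as an added example that is not Incapsula's or the affected site's code. The allowlisted host, default avatar path and sample values are constructed for illustration.

```python
"""Profile-image field rendered unescaped ('before') versus validated and escaped ('after')."""
import html
from urllib.parse import urlparse

# Hypothetical allowlist of hosts the site serves avatars from (assumption).
ALLOWED_IMAGE_HOSTS = {"images.example-video-site.test"}
DEFAULT_AVATAR = "/static/default-avatar.png"


def render_profile_image_vulnerable(image_url: str) -> str:
    """'Before' form: the stored value is dropped straight into the src attribute.
    A value containing a double quote closes the attribute, so whatever follows
    becomes further attributes of the tag (for example an event handler)."""
    return f'<img src="{image_url}">'


def is_safe_image_url(image_url: str) -> bool:
    """Input-side check: https only, allowlisted host, no markup characters."""
    if any(ch in image_url for ch in '"\'<>'):
        return False
    parsed = urlparse(image_url)
    return parsed.scheme == "https" and parsed.netloc in ALLOWED_IMAGE_HOSTS


def render_profile_image_hardened(image_url: str) -> str:
    """'After' form: validate on input, attribute-escape on output, and fall
    back to a static default so a rejected value never reaches the tag."""
    if not is_safe_image_url(image_url):
        image_url = DEFAULT_AVATAR
    # quote=True turns " and ' into entities, so the attribute cannot close early.
    return f'<img src="{html.escape(image_url, quote=True)}">'


def tag_has_event_handler(rendered: str) -> bool:
    """Crude output-side check for review or logging: did an on* attribute
    end up inside the rendered tag?"""
    lowered = rendered.lower()
    return " onerror=" in lowered or " onload=" in lowered


# Constructed sample values: one honest avatar URL and one attribute break-out.
HONEST_URL = "https://images.example-video-site.test/u/42.png"
BREAKOUT_VALUE = 'x" onerror="/* injected script would run here */'

if __name__ == "__main__":
    for value in (HONEST_URL, BREAKOUT_VALUE):
        print("vulnerable:", render_profile_image_vulnerable(value))
        print("hardened:  ", render_profile_image_hardened(value))
```

Output escaping alone does not stop a script that is later loaded from an allowed origin, so a Content-Security-Policy that forbids inline scripts and unknown frame sources is the second layer a site like this would add.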