Researchers at CloudFlare recently discovered a distributed denial-of-service (DDoS) attack against one of its client's websites. A distributed denial of service attack is an attempt to render a website unavailable to its users by flooding it with large amounts of fake web traffic to overwhelm its resources. Typical DDoS attacks either slow down the target website’s loading time or force it to go offline. A DDoS attack often utilizes other compromised computers to increase the volume of fake web traffic sent to a site. 

The scale and the origin of the DDoS attack in question made it unique. The attack peaked at 275,000 requests per second, collectively amounting to 4.5 billion requests made against the target website in one day. Further investigation revealed that the majority of the web traffic originated in China and the machines sending superfluous traffic to the target website were mostly mobile devices: “Strings like 'iThunder' might indicate the request came from a mobile app. Others like 'MetaSr', 'F1Browser', 'QQBrowser', '2345Explorer', and 'UCBrowser' point towards browsers or browser apps popular in China.” The 4.5 billion requests flooding the targeted websites originated from 650,000 unique IP addresses, indicating that the attack was utilizing a large network of compromised devices to deliver the attack. Additionally, the attack used malicious JavaScript code to force the mobile browsers to make requests of the targeted site.

Since the attacks were primarily issued from mobile devices in a single country using the aforementioned methodology, the researchers at CloudFlare hypothesized that “the most plausible distribution vector seems to be an ad network. It seems probable that users were served advertisements containing the malicious JavaScript. [These] ads were likely showed in iframes in mobile apps, or mobile browsers to people casually browsing the internet.” Ad networks have already been used for the large-scale distribution of malware this year, as both Yahoo’s and AOL advertising has been compromised.