
Mobile Ad Networks as DDoS Vectors: A Case Study - jgrahamc
https://blog.cloudflare.com/mobile-ad-networks-as-ddos-vectors/
======
bluedino
Why are they using a photo from a Korean running race/event?

~~~
kirun
This looks like the original story for the photo:

[http://news.yahoo.com/beijing-marathoners-don-face-masks-
bat...](http://news.yahoo.com/beijing-marathoners-don-face-masks-battle-
smog-040527456--spt.html)

So... it's not?

------
gaius
So, block all ads is the only safe choice.

------
tomlongson
This article is dumbed down to the point of having almost no substance.

URL should be:

[https://blog.cloudflare.com/mobile-ad-networks-as-ddos-
vecto...](https://blog.cloudflare.com/mobile-ad-networks-as-ddos-vectors/)

~~~
dang
Good point. Changed from
[http://www.bbc.co.uk/news/technology-34379254](http://www.bbc.co.uk/news/technology-34379254).

Edit: it looks like a duplicate though:
[https://news.ycombinator.com/item?id=10280894](https://news.ycombinator.com/item?id=10280894).

------
a3n
> The tidal wave of data was traced to a pool of booby-trapped adverts that
> had been seeded with malicious code.

Ahem.

> He speculated that the attack had worked because its creators had joined one
> of the networks that piped adverts to people as they browsed the web.

AH-HEM!

------
javajosh
I think it's instructive to consider the smallest possible malicious program
of this type, which involves only the use of a basic control structure and the
ability to initiate a request. The control structure could be setInterval, a
while or for loop; the request initiation can be an ajax call, or certain dom
manipulations (like altering img.src or script.src).

Questions: did I miss something? Can you write a program that either a)
detects these cases or b) provides a reasonable sandbox?

~~~
mox1
Yes, I'm sure you could pretty easily write said program. Then the people who
did this would obfuscate their code and you could probably then detect
that...and the game whack-a-mole will continue. Eventually as this cycle
continues you will end up with something that looks a lot like today's anti-
virus programs, (aka a pattern recognition engine...).

It's the (theoretical?) software that can detect these types of attacks before
or as they are happening that is of interest to lots of people now a days.

~~~
javajosh
I don't see how code obfuscation would help you defeat sand-boxing.

------
notsony
Surprise Surprise! The Chinese President is in the US and suddenly there are
scare stories popping up everywhere.

What a coincidence that CloudFlare decide to look at months old data and
publish a story making China look bad, at the exact same time the Chinese
President is visiting.

Remarkable timing.

Also shame on the BBC for a headline which implies there is an attack
happening right now.

~~~
jgrahamc
What a bunch of bullshit.

We didn't 'decide to look at months old data and publish a story'. This is one
of N articles we are writing about DDoS attacks we've seen.

Also, whenever people say "X makes China look bad" where X is some sort of
botnet I like to remind them that China is _huge_ and has a quarter of
Internet users and so a ton of machines. No surprise that there are a ton of
machines that get used in botnets.

