Category Archives: DDoS Vendors

Hackers Used Imgur to Launch DDoS Attacks on 4chan

A Reddit user has uncovered a covert method of carrying DDoS attacks on 4chan’s infrastructure using images hosted on Imgur, via Reddit. According to Reddit user rt4nyp, who discovered the vulnerability, every time an Imgur image was loaded on the /r/4chan sub-reddit, over 500 other images were also loaded in the background, images hosted on 4chan’s CDN. Since traffic on 4chan is quite huge as is, getting some extra connections from Reddit pushed 4chan’s servers over the edge, crashing them several times during the day. Additionally, 8chan, a smaller 4chan spin-off, was also affected and suffered some downtime as well. Malicious code was being loaded with Imgur images Reddit user rt4ny was alerted that something was amiss when he noticed that Imgur images on Reddit were loaded as inlined base64 data. Taking a closer look at the base64 code, he observed that a small piece of JavaScript code was added at the end, which had no business being there. This code secretly stored the “axni” variable in the browser’s localStorage, which was set to load another JavaScript file from “4cdns.org/pm.js.” This is not 4chan’s official CDN, but a domain registered to closely resemble the real deal, which was taken down in the meantime. When refreshing the original image that loaded the “axni” variable, the malicious code would not be loaded again, a measure taken to avoid detection. Additionally, also to avoid detection, the JS file stored on “4cdns.org/pm.js” could not be loaded directly in the browser. Loading 500+ 4chan images inside a hidden iframe Analyzing the pm.js file, rt4ny found that it loaded an iframe outside the user’s view with the help of some clever CSS off-screen positioning tricks, inside which the hundreds of 4chan images were being loaded, along with a 142 KB SWF file. Imgur was contacted about this issue, and fixed it on the same day. “Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur,” said the Imgur team. “From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.” It’s a sad day for humanity when we see hackers combine the three best sites on the Internet to find cat GIFs into such wicked and immoral ways. Source: http://news.softpedia.com/news/hackers-used-imgur-to-launch-ddos-attacks-on-4chan-492433.shtml

See the original post:
Hackers Used Imgur to Launch DDoS Attacks on 4chan

The rise of repeated "low and slow" DDoS attacks

There's been a significant change in the nature of DDoS attacks that is leaving businesses exposed to data breaches and malware. Recent research from Neustar shines a light on the changing tactics …

See the original post:
The rise of repeated "low and slow" DDoS attacks

Aggressive tactics from DD4BC extortionist group revealed

Akamai shared details of an increase in DDoS attacks from the Bitcoin extortionist group DD4BC, based on observation of attack traffic targeted at customers from September 2014 through August 2015. …

Continued here:
Aggressive tactics from DD4BC extortionist group revealed

3l33t haxxors don’t need no botnet, they just pinch passwords

Crooks can thrive by ‘living off the land’ rather than forging elaborate schemes Half of all breaches Dell’s SecureWorks outfit has responded to over the last year have been a result of attackers using legitimate admin tools and stolen credentials.…

Link:
3l33t haxxors don’t need no botnet, they just pinch passwords

Bored Brazilian skiddie claims DDoS against Essex Police

‘I will do 19 years’ attacker says in garbled English – perhaps accidentally right A teenager from Brazil has claimed responsibility for a distributed denial of service (DDoS) attack on Essex Police’s website, following a similar attack on another force earlier this week.…

See the article here:
Bored Brazilian skiddie claims DDoS against Essex Police

Borg bashes destabilising DoS bug in USC kit

No workaround, so it’s ‘patch or chuck it in the bin’ Cisco has patched a denial of service vulnerability in its unified computing platform.…

Original post:
Borg bashes destabilising DoS bug in USC kit

Borg bashes destabilising DoS bug in UCS kit

No workaround, so it’s ‘patch or chuck it in the bin’ Cisco has patched a denial of service vulnerability in its unified computing platform.…

Follow this link:
Borg bashes destabilising DoS bug in UCS kit

Greater Manchester plod site targeted by nuisance DDoS attack

‘There will be more attacks today,’ attacker proudly tells El Reg The website for Greater Manchester Police was targeted by two Distributed Denial of Service (DDoS) attacks yesterday, which rendered the site unavailable for more than two hours. The operators of two Twitter accounts have claimed responsibility.…

Original post:
Greater Manchester plod site targeted by nuisance DDoS attack

NCA targeted by Lizard Squad in apparent DDoS revenge attack

There’s no skill in this, agency sneers The National Crime Agency’s website has been hit by a DDoS attack, in an apparent act of revenge for the body’s recent crackdown on users of Lizard Squad.…

See the article here:
NCA targeted by Lizard Squad in apparent DDoS revenge attack

Six teens arrested in UK for using hacking group’s paid DDoS service

Six teenagers were arrested by British police on suspicion of attacking websites, the country’s National Crime Agency (NCA) announced on Friday. The teenagers were users of the hacking group Lizard Squad and used the Lizard Stresser tool, software that allowed them to pay to take websites offline for up to eight hours at a time, according to an NCA statement. The tool works by using Distributed Denial of Service (DDoS) attacks, which flood web servers or websites with massive amounts of data, leaving them inaccessible to users. Those arrested in the operation coordinated by NCA were all teenage boys aged from 15 to 18, while two other suspected users of Lizard Stresser were arrested earlier this year, the NCA said. The suspects are thought to have maliciously deployed Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous, the NCA also said. Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies, and a number of online retailers, according to the NCA. Lizard Squad became a well-known hacking group last year after it claimed responsibility for taking down the PlayStation Network and Xbox Live. The group later launched the Lizard Stresser tool. “By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” said Tony Adams, head of investigations at the NCA’s National Cyber Crime Unit. Officers are also visiting some 50 addresses linked to individuals registered on the Lizard Stresser website, but who are not currently believed to have carried out attacks. A third of the individuals identified are under the age of 20, according to the NCA. “One of our key priorities is to engage with those on the fringes of cyber criminality to help them understand the consequences of cyber crime, and how they can channel their abilities into productive and lucrative legitimate careers,” said Adams. Source: http://www.globalpost.com/article/6638281/2015/08/28/six-teens-arrested-uk-using-hacking-groups-paid-ddos-service

See the original article here:
Six teens arrested in UK for using hacking group’s paid DDoS service