Researchers at CloudFlare spotted a distributed denial-of-service (DDoS) attack that used mobile device browsers to flood a site with 4.5 billion requests.
The attack was recorded in late August and targeted a CloudFlare customer based in China. The browser-based Layer 7 flood peaked at 275,000 HTTP requests per second and was issued by 650,000 unique IPs, according to a blog post.
More than 99 percent of requests came from Chinese IP addresses and nearly 80 percent came from mobile devices. Mobile versions of Xiaomi’s MIUI browser, Safari, Chrome, and Tencent’s QQBrowser were used in the attack.
“Strings like ‘iThunder’ might indicate the request came from a mobile app. Others like ‘MetaSr’, ‘F1Browser’, ‘QQBrowser’, ‘2345Explorer’, and ‘UCBrowser’ point towards browsers or browser apps popular in China,” the post said.
Researchers speculate that the attackers used an ad network that served malicious JavaScript as a distribution vector. The malicious ads were likely shown in iframes, in mobile apps or mobile browsers, to unsuspecting victims who were browsing the internet, according to the blog post.
Researchers said they were confident the attack didn’t involve TCP (Transmission Control Protocol) packet injection.
“Attacks like this form a new trend,” the post said. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”