15 comments

[ 3.2 ms ] story [ 38.9 ms ] thread
(comment deleted)
I think it's instructive to consider the smallest possible malicious program of this type, which involves only the use of a basic control structure and the ability to initiate a request. The control structure could be setInterval, a while or for loop; the request initiation can be an ajax call, or certain dom manipulations (like altering img.src or script.src).

Questions: did I miss something? Can you write a program that either a) detects these cases or b) provides a reasonable sandbox?

Yes, I'm sure you could pretty easily write said program. Then the people who did this would obfuscate their code and you could probably then detect that...and the game whack-a-mole will continue. Eventually as this cycle continues you will end up with something that looks a lot like today's anti-virus programs, (aka a pattern recognition engine...).

It's the (theoretical?) software that can detect these types of attacks before or as they are happening that is of interest to lots of people now a days.

I don't see how code obfuscation would help you defeat sand-boxing.
> The tidal wave of data was traced to a pool of booby-trapped adverts that had been seeded with malicious code.

Ahem.

> He speculated that the attack had worked because its creators had joined one of the networks that piped adverts to people as they browsed the web.

AH-HEM!

Surprise Surprise! The Chinese President is in the US and suddenly there are scare stories popping up everywhere.

What a coincidence that CloudFlare decide to look at months old data and publish a story making China look bad, at the exact same time the Chinese President is visiting.

Remarkable timing.

Also shame on the BBC for a headline which implies there is an attack happening right now.

What a bunch of bullshit.

We didn't 'decide to look at months old data and publish a story'. This is one of N articles we are writing about DDoS attacks we've seen.

Also, whenever people say "X makes China look bad" where X is some sort of botnet I like to remind them that China is huge and has a quarter of Internet users and so a ton of machines. No surprise that there are a ton of machines that get used in botnets.

Why are they using a photo from a Korean running race/event?
I presume because it's an asian lady holding a phone and they didn't check much further than that (although the situation she is in would suggest an unwitting accomplice to a cyber attack in part perpetrated by said phone).
Note to future readers, the URL to the article was changed from BBC to Cloudflare itself. The photo in question is on the BBC article, not the current article.
So, block all ads is the only safe choice.