Home > techcrunch > “Evil” D0z.me URL Shortener Facilitates DDoS Attacks

“Evil” D0z.me URL Shortener Facilitates DDoS Attacks

December 21st, 2010 12:27 admin Leave a comment Go to comments

Conceptual hacker Ben Schmidt has combined his interest in the recent spate of DDoS attacks surrounding the WikiLeaks dump as well as what he holds to be the public’s increasing over-reliance on URL shorteners and created D0z.me. D0z.me is  a “proof-of-concept” URL shortener that attacks a server while re-routing links.

In theory, potential attackers could visit d0z.me and submit a link they wanted to share as well as the URL of a server they wanted to attack. When users click on the link, they are redirected to the requested site with the addition of a invisible iFrame that unleashes a LOIC-canon like Javascript DoS that runs while the user is browsing. The malevolent script runs for as long as a user continues browsing from a page and is even more potent when run from an HTML5 browser.

Attackers interested in scaling attacks would then share this text with as many people as possible with the objective of either creating content that would go popular (tricking users to share the link) or have people voluntarily involve themselves in the distributed attack by clicking on the link.

Schmidt makes it clear that his tool is just an illustration of how easy orchestrating something like this and getting people to attack could be. He also includes a message for people who have an nasty sense of irony and are pondering using the tool to DoS his own site: “Let’s just save each other the time and hassle and say that you win, theoretical attacker. Congratulations.”

Source: “Evil” D0z.me URL Shortener Facilitates DDoS Attacks

Related Articles:

  1. D0z.me — the Evil URL Shortener
  2. DDoS Attacks Exceed 100 Gbps For First Time
  3. Chrome Feature Helps Shield Websites From DDoS Attacks
  4. A Live Map of Ongoing DDoS Attacks
  5. 19,000 French Websites Hit By DDoS, Defaced In Wake of Terror Attacks
blog comments powered by Disqus