Slashdot Mirror

← Back to Stories (view on slashdot.org)

D0z.me — the Evil URL Shortener

Posted by Soulskill on from the has-its-own-goatee dept.

supernothing writes "DDoS attacks seem to be in vogue today, especially considering the skirmishes over WikiLeaks in the past few weeks. The size of a DDoS attacks, however, has historically been limited by how many computers one has managed to recruit into a botnet. These botnets almost universally require code to be executed on the participants' local systems, whether they are willing or unwilling. A new approach has been emerging recently, however, which uses some simple JavaScript to achieve similar ends. d0z.me is a new service that utilizes these techniques, but provides a unique twist on the idea. Posing as a legitimate URL shortening service, it serves users the requested pages in an iFrame, while simultaneously participating in a DDoS attack in the background. No interaction is required beyond clicking the link and staying on the page. This makes it relatively trivial to quickly mount large-scale DDoS attacks, and affords willing participants plausible deniability in the assault."

6 of 116 comments (clear)

  1. Re:Since its a redirect... by Hatta · · Score: 4, Informative

    No. If you visit the site, it loads javascript on your machine which does the DDOS from your machine. It's not a proxy.

    --
    Give me Classic Slashdot or give me death!
  2. Re:The joy of being a programmer... by Haedrian · · Score: 4, Informative

    You're going to be happy about it.

    "All code used on this site is released under the GPLv3, and is available here. "

    http://spareclockcycles.org/downloads/code/dosme.tar.gz

  3. Re:Am I doing it right? by Shikaku · · Score: 3, Informative

    http://d0z.me/

  4. Re:Since its a redirect... by Monkeedude1212 · · Score: 3, Informative

    Of course, I could be wrong about the referrer being present in requests made from Javascript, but I assume it should be there.

    Thats where you're wrong. Hooray for iFrames!

  5. Re:Since its a redirect... by TheRaven64 · · Score: 5, Informative

    The JS can create and destroy iframes pointed at the site. The browser will then load the site into the iframe, but the security model prevents the referrer field from being present in the iframe to avoid leaking sensitive information (for example, if you load adverts into an iframe while you have a URL with a session ID in it). If this isn't the default, then a silent redirect of the outer frame to an HTTPS URL will do it (aside from a recently-fixed bug in Safari, referrer is not provided to an HTTP URL when it is an HTTPS URL).

    --
    I am TheRaven on Soylent News
  6. Re:Since its a redirect... by tdobson · · Score: 3, Informative

    this is how it shows up in my apache logs:

    r00t.me.tld.fail:80 x.x.x.x - - [20/Dec/2010:23:04:08 +0000] "GET /?v=1292886248174 HTTP/1.1" 200 1888 "http://d0z.me/worker.js" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.215 Chrome/8.0.552.215 Safari/534.10"
    r00t.me.tld.fail:80 x.x.x.x - - [20/Dec/2010:23:04:11 +0000] "GET /?v=1292886251634 HTTP/1.1" 200 1888 "http://d0z.me/worker.js" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.215 Chrome/8.0.552.215 Safari/534.10"