D0z.me — the Evil URL Shortener

supernothing writes "DDoS attacks seem to be in vogue today, especially considering the skirmishes over WikiLeaks in the past few weeks. The size of a DDoS attacks, however, has historically been limited by how many computers one has managed to recruit into a botnet. These botnets almost universally require code to be executed on the participants' local systems, whether they are willing or unwilling. A new approach has been emerging recently, however, which uses some simple JavaScript to achieve similar ends. d0z.me is a new service that utilizes these techniques, but provides a unique twist on the idea. Posing as a legitimate URL shortening service, it serves users the requested pages in an iFrame, while simultaneously participating in a DDoS attack in the background. No interaction is required beyond clicking the link and staying on the page. This makes it relatively trivial to quickly mount large-scale DDoS attacks, and affords willing participants plausible deniability in the assault."

Re:Since its a redirect...

[icebike]

Well, like any other DDOS, you are screwed. Your ISP won't even help you if you are just a small fry, figuring anything you did to piss that many people off is your own damn fault.

If you are a big customer, and the traffic generated by the DDOS is easily distinguishable from normal traffic (does not look like legitimate web hits) they might help.

It really is amazing that after all these years, there is no DDOS defense.