New URL Shortener Hijacks Browsers for DDoS

December 21, 2010 – 8:37 PM

In order to outline the dangers of implicitly trusting shortened URLs, a student has launched a service which generates links that take users to their destination, but also hijack their browsers for DDoS.  Called, the service is the creation of Ben Schmidt (@supernothing307), a computer science major at University of Tulsa, who describes himself as a security enthusiast.  The URL shortener was inspired by the recent distributed denial of service (DDoS) attacks launched by Anonymous and in particular the Web version of the group’s Low Orbit Ion Canon (LOIC) tool.  This recently created JavaScript-based LOIC allows people to voluntarily join a DDoS effort by visiting a Web page instead of installing an application on their computers.  The tool works by modifying an image tag’s src attribute in order to force the browser to continuously send HTTP requests to the targeted server.  Another motivation for his project, according to Schmidt, was the increasing number of obscure URL shorteners available to users.


You must be logged in to post a comment.