Your one-stop web resource providing safety and security information to manufacturers

It appears a vulnerability in, a video content provider, ended up leveraged by attackers this month to launch large-scale distributed denial of service (DDoS) attacks, researchers said.

Sohu, which translates as “search fox,” is China’s eighth largest web site. It provides online media, gaming, search, community and mobile services. While Sohu is not popular among users in the West, it’s currently number 27 of the most visited website in the world.

DDoS Attacks a Smokescreen for Data Theft
Users Breaching Security Policies
Execs Not Seeing All Security Facts: Report
DDoS Techniques Changing

The attackers found a cross-site scripting (XSS) vulnerability in Sohu.TV, the company’s video streaming service, said researchers at Incapsula. Sohu officials patched the hole after Incapsula notified them.

“Once we uncovered the source of the browser-based DDoS attack and replicated persistent XSS vulnerability that allowed it to occur we immediately went on to share our findings with Sohu security team,” Incapsula researchers said.

Schneider Bold

“With this information in hand Sohu team could quickly evaluate the problem and respond with a rapid patch which fixed the security hole, rendering this browser-based botnet completely useless,” the researchers said.

Incapsula discovered the attack technique after one of their customers suffered a DDoS attack involving 20 million GET requests coming from more than 22,000 web browsers.

The attackers didn’t compromise the computers of 22,000 users. Instead, they leveraged the persistent XSS flaw to inject JavaScript code into the tag associated with the images on Sohu profiles.

The profiles in question were able to post comments on popular videos. Each time one of these videos loaded, the malicious code embedded inside the profile image executed, launching a DDoS attack against the designated target.

The GET requests went out at a rate of one per second. With some videos up to 30 minutes long, and a large number of users were viewing the same video at any given time, it was enough to disrupt a website that didn’t use any DDoS protection.

Pin It on Pinterest

Share This