Switched has a new home! Huffpost Tech.

Click here to visit the new home of Switched!

Hot on HuffPost Tech:

See More Stories
AOL Tech

Doz.me Can Launch DDoS Attacks Using Shortened URLs

by Terrence O'Brien on December 23, 2010 at 06:30 AM

d0z.me
We're all well aware of the dangers posed by URL shorteners, namely in their potential to mask malicious links. But hacker Ben Schmidt, inspired by the media attention garnered by the pro-WikiLeaks DDoS attacks, has found a new and potentially more worrisome use for shortening services. His proof-of-concept site, d0z.me, looks and acts like any other URL shortener from the perspective of someone clicking on the link. But, behind the scenes, it's quietly initiating a DDoS attack on a target of the link-creator's choosing. A form asks you to pick a destination link and a target for attack. The resulting shortened URL links to the chosen page and covertly launches a Javascript-powered attack on the target site, without the user knowing.

This could provide a quick and easy way for hackers to enlist an army of attackers for a DDoS strike -- potentially even without their knowledge. The attacker could simply share the link, which would simplify the act of launching an attack for willing participants, or trick other users by linking to viral content and hoping that they then post the link. In a disclaimer posted on the site, Schmidt claims that d0z.me is simply a demonstration of how easy it is to orchestrate a DDoS attack without actually having to infect a single PC, or having to take control over a traditional botnet by spreading malware. We wouldn't worry about your links shared with bit.ly just yet, but it's advisable to be suspicious of any links coming from unfamiliar URL-shortening services.

Tags: BenSchmidt, d0z.me, ddos, security, top, web

HuffPost AOL Social News Most Popular