SC Magazine reports that mobile devices were enlisted into a DDoS botnet and delivered a max hit rate of 275,000 HTTP GETS/minute to the target. The total hits were around 4.5B, so that works out to about 7 hits/mobile device. The theory is that an ad-serving network was used to deliver a malicious Javascript attack script to unwitting mobile users, most of whom originated off Chinese IPs. Of course, there was a related story earlier this year about the big Chinese search engine, Baidu, which was used to deliver similar DDoS Javascripts in search results to enforce censorship rules on people. As a state-level actor, Baidu could be fairly interesting in such a ‘use case’. But then, so could Google. Geolocation of IPs might be helpful in deciding what kind of search result to deliver.
Magnus knocks down these types of attacks readily through its active countermeasure features, which themselves have been tested successfully at 2,000,000 hits/minute (7X more than the attack discussed here).