Threatpost: Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic.
The attack on the unnamed site involved the use of injected Javascript on the site which would execute in a user’s browser whenever he views a profile image that contains the Javascript. Once the code runs, it then fires off an embedded iframe with a DDoS tool that sends a GET request to the target sites. The attacker embedded the malicious code in his own profile image on the video site, and then posted a comment on hundreds of videos so that his profile image appears next to the comment.