Million Browser Botnet

Explore the dark potential of online advertising networks in this eye-opening LASCON conference talk. Discover how easily attackers can create massive JavaScript-driven browser botnets for pennies, leveraging ad networks to distribute malicious code at scale. Learn about the various attack vectors, including DDoS, email spam campaigns, hash cracking, and password brute-forcing, all achievable through simple HTML5 and JavaScript. Understand the power of Cross-Site Request Forgery (CSRF) attacks that require no zero-days or malware, leaving no traces behind. Examine the evolution of web attack methods and why advertising networks present a uniquely scalable and invisible threat. Dive into topics such as JavaScript malware, de-anonymization, intranet hacking, web workers, and distributed services. Witness live demonstrations of botnet creation and control, and grasp the implications of this easily accessible attack vector for web security.

Introduction
JavaScript Malware
CSRF
De Anonymize
intranet packing
web workers
distributed to service
demo
distribution
ad networks
browser time networks
ad network
admin panel
ad
concurrent connections
Akamai
Results