Abstract
In this paper, we identify and evaluate the potential of new distributed attacks launched through web browsers using the HTML5 Web Workers API. Web worker attacks rely on the new multi-threading capabilities of Web Workers, which can allow malicious JavaScript code to run in the background of a web page without impacting foreground JavaScript performance or user experience. These background computing tasks can be used to launch application-layer DDoS attacks or offload computationally intensive attack tasks, such as password cracking, to the browsers of users visiting a compromised website. These attacks do not harm the compromised users directly but offer a potential path for attackers to gain control of large pools of computing resources, similar to botnets. We evaluate the feasibility of using online advertisement services to gain access to such computing pool and quantitatively evaluate the economics of these attacks and point out the key factors affecting the cost effectiveness of launching attacks through Web Workers in comparison with cloud computing or rented botnets.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
