The upside for attackers is that the botnet is random with no command-and-control server that defenders could take down. Grossman says he is uncertain whether it would be possible forensically to track down the ad at the center of such a botnet and ultimately track it to the individuals who bought the ad. "You could be tracked by who paid for the guilty ad," he says.
Ad blockers that are used to speed up the loading of Web pages and make them less annoying to users could become a security tool if this technique catches on, Grossman says, but he didn't have a way to stop such attacks. "We used the way the Web works and took down our own server," he says.
Sign up for Computerworld eNewsletters.