Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Why is this shady actor building a JavaScript botnet?
4 points by 55555 on June 13, 2016 | hide | past | favorite | 2 comments
I run ChooseJarvis.com with my partner and our team. It's a social media automation tool. That's not relevant at all, it's just my job to tell you that.

Our referrer logs show tons of hits from:

http://cookie-law-enforcement-ii.xyz/

This is classic referrer spam.

The above site links to

http://cookie-consent.org/?lang=en

Which is a mini marketing project of

http://front.to/

Which according to ahrefs and google, nobody has ever heard of.

Looks to me like they're building a massive Javascript botnet.

Why?

There's a lot of things you can do, right? Keylog all website visitors (?), replace all adsense units with your own ads, use all the clients/visitors as a DDOS botnet, click fraud (?), serve downloads, serve exploits, etc...

The developers/websites have a sort of effortless polish that makes me more curious than I would otherwise be.

If this is indeed shady, and it looks like it, this is scary. I imagine a LOT of webmasters might fall for this.



So front.to doesn't see to be changing the JS you upload (yet) but the js file at cookie-consent.org is interesting ( //cdn.front.to/libs/cookieconsent.min.js ) got google analytics in there, and of course could be changed to run whatever at any time... Maybe someone could use that to identify more about this shady actor?

un-minified js: https://gist.github.com/benmcnelly/8e56aa308bef72c7aa007b7c1...


Here's the original https://github.com/silktide/cookieconsent2/blob/1.0.9/cookie... It seems they are actually injecting that google analytics part.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: