Cloud-based security service provider Incapsula detected a unique application layer DDoS attack, carried out using traffic hijacking techniques. The attack flooded one of their client with over 20 million GET requests, originating from browsers of over 22,000 Internet users. Attack was enabled by persistent XSS vulnerability in one of the world’s largest and most popular sites – Sohu.com – China’s eighth largest website and currently the 27th most visited website in the world. Attackers strategically posted comments on popular video pages, effectively created a self-sustaining botnet.
Source: https://thehackernews.com/2014/04/vulnerability-in-worlds-largest-site.html