Online advertising networks could be used to enlist millions of unsuspecting Web surfers in attacks on other websites, a demonstration at the Black Hat security conference in Las Vegas showed on Wednesday.

Researchers Jeremiah Grossman and Matt Johansen of WhiteHat Security staged an attack on a test Web server simply by paying two online ad networks to display treacherous advertisements on pages visited by hundreds of thousands of people. The ads included simple JavaScript code that makes a browser that loads the ad also repeatedly access an image on the test Web server.

It didn’t take long for the victimized test server to begin struggling under the sudden load. In the first hour of the test, during which only $2 was spent on ads, more than 130,000 connections from browsers swamped the server. It wasn’t much longer until the server began falling offline under the growing load.

JavaScript is a common programming language used on websites and in ads for everything from creating interactive features to tracking when people load or engage with a page. Although some ad networks don’t allow JavaScript to be inserted into ads, many do because it is so commonly used. Networks that do allow JavaScript don’t inspect it closely, says Johansen, and would be unlikely to notice anything suspect with his code.

“We did not hack anybody; we used the way the Web works and brought down our own server,” said Johansen. “We’re just loading images as quickly as possible.”

The test server wasn’t protected by the specialized tools used by some sites to defend against so-called denial of service attacks. However, Johansen said that the low cost of this type of attack and reach of online networks suggest it could be easily scaled up. “It’s really not that much money to do real damage to real sites on the internet.”

Johansen and Grossman are now working on a more audacious demonstration: using the same approach to farm out the work of “cracking” encrypted passwords like those often stolen from online services in breaches like that suffered by LinkedIn earlier this year. JavaScript code can be used to work on passwords, and Johansen said that it would be easy to get that code into an ad and have unsuspecting Web surfers perform the necessary work.

At the typical prices for online ads—about 50 cents for 1,000 views—just $500 is enough to get a million contributors, he pointed out. The pair plans to test the attack against more powerful Web servers that have protections against denial of service attacks.

Grossman said the toughest question raised by the technique is not how to solve it, but who’s to blame for the vulnerability. Unlike most new attacks presented at Black Hat, it isn’t enabled by a failing in any one company’s technology. Ad networks, browser designers, and Web protocols all enable this style of attack, he said.

“Who’s problem is this? We don’t really know.” Users duped by such an attack can remove themselves from that conundrum by using software to block ads and JavaScript, said Grossman.

Jeff Debrosse, director of security research at online security company Websense, was less equivocal about who should address the issue. “It is up to the ad networks to remedy this solution,” he said, pointing out that the new research shows that ad networks that block custom code are correct to do so.

Because the attack makes use of legitimate design features of the Web, it could be very stealthy, and difficult for existing security software to detect, said Debrosse. “The JavaScript code only runs when the ad is being displayed,” he said. “If a security tool visits the URL when it is not serving the content, it will most likely mark the site as clean.”