Malicious web advertisements can be used to build large, difficult to track and dirt-cheap botnets, researchers say.
Threat Intelligence founder Ty Miller who travelled to Blackhat said the attacks were difficult to block meaning they could lead to extortion attempts.
"This may lead to an increase in extortion attempts since the attack is quite stealthy and hard to block."
That file could be modified after the ad network evaluated and cleared the code.
Their code by way of an FTP URL boosted a web browser's number of connections, exceeding the number normally allowed and increasing the power of denial of service attacks.
"This then amplifies the attack hundreds of times again," Miller said.
Those behind such attacks may possibly only be traced by way of tracking down the payment information used to buy the malicious ads.
The Register reported the live Black Hat demonstration had some 256 concurrent connections to one Apache Web Server and more than a million connections were made in the hour.
Miller said traditional botnets cost about $350 a day to run DDoS attacks, whereas the 'browser botnet' used public resources and required minimal skills.