[ISN] DDoS attacks fall as crackers turn to spam

From: InfoSec News (alerts@private)
Date: Wed May 02 2007 - 23:23:04 PDT


http://www.theregister.co.uk/2007/05/02/dos_trends_symantec/

By John Leyden
2nd May 2007

Denial of service attacks are falling out of favour with black hat 
hackers because using compromised machines to send spam is a more 
lucrative - and less risky - way of making money illicitly.

Networks of compromised PCs can be used for purposes including relaying 
junk mail or flooding targeted websites with spurious traffic.

Symantec reckons the noticeable fall in denial of service attacks it 
witnessed in the second half of 2006 is down to the growing difficulty 
in launching such attacks, and getting victims to pay up even if these 
assaults are successful. Stealthier misuse of compromised PCs - such as 
sending spam - poses far less risk, the security firm argues.

Symantec recorded an average of 5,213 denial of service (DoS) attacks 
per day in the second half of 2006, down from 6,110 in the first half of 
last year. The US was the target of most DoS attacks accounting for 52 
per cent of the worldwide total.

"DoS attacks are loud and risky. Whenever a bot-network owner carries 
out a denial of service attack they run the risk of losing some of their 
bots. This could happen either because an attacking computer is 
identified and disinfected, or if it is simply blocked by its ISP from 
accessing the network," Symantec researcher Yazan Gable notes in a 
posting to Symantec's Security Response Weblog.

Gable adds that the "up-front" costs in setting up a botnet before any 
hope of payment, as well as the possible loss of an entire bot network 
if a command and control server is identified, also act as a deterrent.

"It is likely that bot network owners are now moving away from DoS 
extortion and towards more lucrative ventures like spam. Not 
surprisingly, we saw a noted increase in spam volumes in the last six 
months of 2006," he added.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Wed May 02 2007 - 23:29:21 PDT