By Robert McMillan
October 14, 2009
IDG News Service
Cyber-crime just doesn't pay like it used to.
Security researchers say the cost of criminal services such as
distributed denial of service, or DDoS, attacks has dropped in recent
months. The reason? Market economics. "The barriers to entry in that
marketplace are so low you have people basically flooding the market,"
said Jose Nazario, a security researcher with Arbor Networks. "The way
you differentiate yourself is on price."
Criminals have gotten better at hacking into unsuspecting computers and
linking them together into so-called botnet networks, which can then be
centrally controlled. Botnets are used to send spam, steal passwords,
and sometimes to launch DDoS attacks, which flood victims' servers with
unwanted information. Often these networks are rented out as a kind of
criminal software-as-a-service to third parties, who are typically
recruited in online discussion boards.
DDoS attacks have been used to censor critics, take down rivals, wipe
out online competitors and even extort money from legitimate businesses.
Earlier this year a highly publicized DDoS attack targeted U.S. and
South Korean servers, knocking a number of Web sites offline.
Are botnet operators having to cut costs like other businesses in these
troubled economic times? Security researchers don't know if that's been
a factor, but they do say that the supply of infected machines has been
growing. In 2008, Symantec's Internet sensors counted an average of
75,158 active bot-infected computers per day, a 31 percent jump from the
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News