Feeds

DDoS attacks fall as crackers turn to spam

Baron Samedi and chums redeploy zombie armies

Securing Web Applications Made Simple and Scalable

Denial of service attacks are falling out of favour with black hat hackers because using compromised machines to send spam is a more lucrative - and less risky - way of making money illicitly.

Networks of compromised PCs can be used for purposes including relaying junk mail or flooding targeted websites with spurious traffic.

Symantec reckons the noticeable fall in denial of service attacks it witnessed in the second half of 2006 is down to the growing difficulty in launching such attacks, and getting victims to pay up even if these assaults are successful. Stealthier misuse of compromised PCs - such as sending spam - poses far less risk, the security firm argues.

Symantec recorded an average of 5,213 denial of service (DoS) attacks per day in the second half of 2006, down from 6,110 in the first half of last year. The US was the target of most DoS attacks accounting for 52 per cent of the worldwide total.

"DoS attacks are loud and risky. Whenever a bot-network owner carries out a denial of service attack they run the risk of losing some of their bots. This could happen either because an attacking computer is identified and disinfected, or if it is simply blocked by its ISP from accessing the network," Symantec researcher Yazan Gable notes in a posting to Symantec's Security Response Weblog.

Gable adds that the "up-front" costs in setting up a botnet before any hope of payment, as well as the possible loss of an entire bot network if a command and control server is identified, also act as a deterrent.

"It is likely that bot network owners are now moving away from DoS extortion and towards more lucrative ventures like spam. Not surprisingly, we saw a noted increase in spam volumes in the last six months of 2006," he added. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.