Feeds

Chinese cybercrooks offer DDoS-for-hire

Where do you want our zombies to go today?

Reducing security risks from open source software

Security researchers have unpicked the business plan behind a botnet that serves as the backend for a DDoS-for-hire business.

The IM DDoS service, hosted in China, offers the lease of a botnet for anyone keen to flood a targeted website via a handy-to-use web-based interface. Following the registration of domains in March 2010, testing of the botnet began in April 2010, closely followed by a commercial launch.

By the second week of August, the botnet was running 25,000 recursive DNS lookups/hour to its associated command-and-control (CnC) servers, a level of activity that put it front and centre on the radar of security firm Damballa.

As many as 10,000 additional compromised PCs were added to its ranks every day at and around this time, making it among the largest active botnets on the web.

DDoS-oriented botnets are par for the course. What differentiates the IM DDoS is its level of commercial sophistication in establishing a "managed services provider (MSP) for bespoke DDoS attacks," as Damballa describes it.

Damballa is working with Chinese authorities on taking down the botnet. In the meantime the security firm has published a white paper on the threat, which can be found here. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.