DoS Attacks Lose Cyber Criminals’ Preference

Attacks that flood Internet servers of companies with data or messages to crash down their communication systems are getting unpopular as they are no longer found profitable, a security firm said.

Symantec Corp., a computer and Internet security firm declared on April 27, 2007 that there was a sharp fall in the denial of service (DoS) attacks because it had low profits.

Botnet operators built with armies of compromised PCs called zombies carry out DoS attacks that inundate a site with traffic and information queries. These attacks result in slow down of sites and web services to shut them down eventually.

Criminals launch the first DoS attack on organizations to demand money and then threaten with more attacks if the company doesn't pay up.

Legislators have attended to this problem by passing laws in November 2006 that would impose more severe punishments for committing the crime.

According to Symantec, there has been a drop in the DoS attacks from 6,110 in the first six months of 2006 to 5,213 in the next six months of 2006.

Criminals are in trouble because the brute-force attacks are usually more expensive and inefficient for the operator of a botnet, said Symantec security engineer Yazan Gable. Carrying out a DoS attack induces a risk for a botnet owner to lose some of his bots, Gable said in an article that appeared in the company's security response blog. Itnews.com.au reported this on April 30, 2007.

Another problem that botnet operators encounter is when the target refuses to comply with the payment demand. In such a case the attacker loses time and resources in vain, Gable wrote.

Gable added that the decline in extortions from DoS attacks could also be because of more botnets put to send out large-scale spam mails.

However, while DoS attacks have come down in the latter half of 2006, spam volumes have increased, noted Gable.

Bot creators now focus more on spamming especially bulk e-mail scams to push up penny-stock prices. They also look to steal money account data. Researchers have found several underground Internet servers that sell credit card and other financial data.

Related article: Dixie College Suffers Data Hack

» SPAMfighter News - 5/4/2007