Recent Entries
Topics
Recommended links

RSS icon Subscribe

» View my profile
Technorati

del.icio.us My links on del.icio.us

Tags
antivirus application security auditing botnets breaches cloud computing DNS encryption forensics humor interesting Linux Malware marketing network pdf pentest phishing php Privacy rant reference security education software spam ssl standards sysadmin tool tools trends ubuntu Virtualization virtualization security vmware vulnerabilities vulnerability+assessment web web application security webappsec web security windows Windows security wireless xss

« Previous article — Next article »

Spam more profitable than extortion?

May 1st, 2007 Posted by D Webber

Spam sent directly from botnets is rising and the use of botnets to perform denial of service extortion is declining, according to a blog article posted last week by Symantec.

According to Symantec there was “a pretty sharp decline in the daily number of denial of service attacks” during the second half last year, possibly because DoS attacks are too noisy… using a botnet to flood a web site offline results in traffic that gets noticed, possibly resulting in the compromised machines getting cleaned. If investigators trace the bots back to the command and control machines, the entire botnet can be lost or, worst case, the bot herder may even wind up in jail.

Denial of service has been difficult to defend against. Anyone in control of a few thousand bots can sustain a denial of service attack long enough to destroy most small web-based businesses. Many companies threatened with an attack just pay the criminals to go away rather than risk being forced offline.

Most extortion targets have been online gambling and porn sites, which law enforcement may not be eager to help (the classic story is the excellent 2003 article published in CSOnline “How a bookmaker and a whiz kid took on an extortionist – and won“). More “legitimate” businesses are targets too… Internet Provider “Cloud Nine” closed permanently after sustained DoS attacks in 2002 and countless other businesses have been extorted and not reported it to authorities.

Using bots to send spam is less likely to be noticed by the computer owner or ISP and, unlike denial of service attacks, spam is rarely reported back to the originating ISP. Since it looks like no amount of end-user education will ever stop people buying the crap advertised via spam or stop businesses from hiring spammers to flood inboxes, I guess it makes sense that spamming is a less risky way for criminals profit from the 150 million compromised machines under their control.

Interesting that right now several government web sites in Estonia are being DDoS’d, apparently due to a political dispute.

Related posts:

Posted in Malware |
Tags: , ,

Comments for this article are closed.


Article contents copyright © Advosys Consulting Inc. Comments are copyright of the author
Icons courtesy Wikimedia Commons and are copyright of their authors.