Zero Day

Ryan Naraine and Dancho Danchev

DDoS extortion-themed scam circulating

By Dancho Danchev | August 18, 2010, 10:58am PDT

Summary: Symantec has intercepted a scam attempt, relying on scare tactics in order to trick domain owners into transferring virtual money, or face a distributed denial of service attack against their web site.

Symantec has intercepted a scam attempt, relying on scare tactics in order to trick domain owners into transferring virtual money, or face a distributed denial of service attack against their web site.

Sample message:

“You are welcomed with a command of hackers ZeleniyHach. We hold a huge network of Distributed Denial Of Service Attack, allowing to suspend any web site. We have been watching (domainname.com) and were able to find out that you have spent pretty money much for its advancement and want to to offer you to spend a little more yet. Just as little as 200 bucks as a voluntary donation to our fund will keep your web site away from DDOS attack. 200 bucks is not so much also will help you to avoid greater problems in the future.FOR DULLS..!!! IF YOU DO NOT OFFER TO US 200 bucks WE WILL KILL YOUR WEB SITE! Unfortunately, we accept only Webmoney Paymer Cheks, so make sure to get your fat asses out and without assistance find out how to transfer money into it. We give you 48 hours. If after 48 hours we will not get 200 dollars, there is one more 0 will be added to 200 bucks, i.e. 2000 bucks and so on until you come to reason. When you are ready, just send the check as your response to this message. In subject matter of the letter specify the domain with greater letters, it is a lot of you We are the one, respect our work.”

Despite the presence of “financial penalties”, which is a popular tactic used in professional DDoS extortion letters, this spamvertised campaign is a clear attempt to scam the user, meaning there’s a low probability that the scammers have the DDoS capabilities they’re referring to.

As far as the serious underground market players are concerned, in May, 2010, a study conducted by VeriSign’s iDefense Intelligence Operations Team, concluded that the average price for renting a botnet is $67 for 24 hours, and $9 for hourly access. And although their findings entirely depend on the underground service in question/long term or short term contracting, the conclusion is rather simple - renting botnets is getting cheaper, due to the never-ending supply of malware-infected hosts.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Verizon DBIR challenge clue #3

HD Moore: Critical bug in 40 different Windows apps

Topics

Cybercrime, Scam, 419 Scam, Distributed Denial Of Service, Security, DDoS, Cyberthreats, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.