Anyway, who's behind this attack? Let's track down a well-known DDoS-for-hire provider currently operating 10 Black Energy DDoS botnets, and take an exclusive peek at his switchboard, which indicates that 4 of his botnets are currently set to attack Bobbear.co.uk only, proving that the attack may well have been outsourced. With cybercriminals so overconfident in their ability to remain unnoticed that they're using a well-known botnet command and control server historically used to manage Zeus banker malware campaigns, it's fairly easy to connect the dots:
"Bob Harrison, the administrator of the Bobbear website, got in touch with me this weekend to tell me that his site was under fire from a distributed denial-of-service (DDoS) attack using compromised botnet computers around the world. The botnet is bombarding Bob’s website with traffic, effectively blasting it off the internet and making it impossible for legitimate visitors to reach the site.
"icmp_freq = 10 icmp_size = 2000 syn_freq = 10 spoof_ip= 0 attack_mode = 0 max_sessions = 30 http_freq = 50 http_threads = 4 tcpudp_freq = 20 udp_size = 1000 tcp_size = 2000 cmd = flood http bobbear.co.uk ufreq = 5 botid = (not set)"
The Bobbear.co.uk DDoS attack is only the tip of the iceberg: while tracking down the source of the attack, I've also managed to establish a direct connection between his DDoS-for-hire services and the DDoS attacks against the Georgian government, once again proving that DDoS and cybercrime in general are getting easier to outsource these days.
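To track which botnets are set against which target, a flattened configuration string like the one quoted above can be split back into key/value pairs and its `cmd` entry read out. The following Python is an added example, not code from the original post or from the botnet kit. The key pattern, the function names and the reading of `cmd` as `flood <method> <target>` are assumptions drawn only from the string shown.

```python
import re

# Sample input: the configuration string quoted in the post, copied verbatim.
SAMPLE = ("icmp_freq = 10 icmp_size = 2000 syn_freq = 10 spoof_ip= 0 "
          "attack_mode = 0 max_sessions = 30 http_freq = 50 http_threads = 4 "
          "tcpudp_freq = 20 udp_size = 1000 tcp_size = 2000 "
          "cmd = flood http bobbear.co.uk ufreq = 5 botid = (not set)")

# Assumption: a key is a lowercase identifier directly followed by "=";
# everything up to the next key belongs to the current value, so values
# containing spaces ("flood http bobbear.co.uk", "(not set)") stay intact.
KEY = re.compile(r"(?:^|\s)([a-z_][a-z0-9_]*)\s*=\s*")

def parse_config(text):
    """Split a flattened 'key = value key = value' string into a dict."""
    matches = list(KEY.finditer(text))
    config = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        config[m.group(1)] = text[m.end():end].strip()
    return config

def flood_target(config):
    """Return (method, target) for a 'flood <method> <target>' cmd, else None."""
    parts = config.get("cmd", "").split()
    if len(parts) >= 3 and parts[0] == "flood":
        return parts[1], parts[2].lower().rstrip(".")
    return None

def botnets_targeting(captures, domain):
    """Names of captured configs whose flood command points at `domain`."""
    hits = []
    for name, text in captures.items():
        target = flood_target(parse_config(text))
        if target and target[1] == domain.lower():
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    print(cfg["cmd"], "->", flood_target(cfg))
```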