The popular British anti-fraud site Bobbear.co.uk is currently under a DDoS (distributed denial of service) attack, originally launched last Wednesday, which is still hitting the site with three-quarters of a million hits daily from hundreds of thousands of malware-infected hosts, mostly based in Asia and Eastern Europe, according to the site's owner. Targeted DDoS attacks against anti-fraud and volunteer cybercrime-fighting communities clearly indicate the impact these communities have on the revenue streams of scammers, and with Bobbear attracting such high-profile underground attention, the site is evidently doing a very good job.
So who's behind this attack? Let's track down a well-known DDoS-for-hire provider currently operating 10 Black Energy DDoS botnets, and take an exclusive peek at his switchboard, which shows that 4 of his botnets are currently set to attack Bobbear.co.uk only, strongly suggesting that the attack was outsourced. With cybercriminals so overconfident in their ability to remain unnoticed that they are reusing a well-known botnet command and control server historically used to manage Zeus banking malware campaigns, it's fairly easy to connect the dots:
"Bob Harrison, the administrator of the Bobbear website, got in touch with me this weekend to tell me that his site was under fire from a distributed denial-of-service (DDoS) attack using compromised botnet computers around the world. The botnet is bombarding Bob’s website with traffic, effectively blasting it off the internet and making it impossible for legitimate visitors to reach the site.
"icmp_freq = 10 icmp_size = 2000 syn_freq = 10 spoof_ip= 0 attack_mode = 0 max_sessions = 30 http_freq = 50 http_threads = 4 tcpudp_freq = 20 udp_size = 1000 tcp_size = 2000 cmd = flood http bobbear.co.uk ufreq = 5 botid = (not set)"
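The switchboard output above is the command block a Black Energy controller hands to its bots: a flat run of `key = value` pairs in which some values span several words (`cmd = flood http bobbear.co.uk`, `botid = (not set)`). When you are pulling these commands out of C&C traffic or a panel dump, the useful questions are which host is targeted, which flood vector is active, and which tuning knobs apply to it. The following parser is an added example written for this post, not code from the original page or from the Black Energy kit; the sample command is the one quoted above, the grammar `<verb> <vector> <target>` for `cmd` and the convention that a vector's knobs share its name prefix (`http_freq`, `http_threads`) are assumptions inferred from that single sample, and the meaning of the frequency fields is not stated on the page, so they are parsed as plain integers.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Black Energy command block quoted on the page,
# reproduced as one whitespace-separated string.
SAMPLE_COMMAND = (
    "icmp_freq = 10 icmp_size = 2000 syn_freq = 10 spoof_ip= 0 attack_mode = 0 "
    "max_sessions = 30 http_freq = 50 http_threads = 4 tcpudp_freq = 20 "
    "udp_size = 1000 tcp_size = 2000 cmd = flood http bobbear.co.uk ufreq = 5 "
    "botid = (not set)"
)

# A key is an identifier followed by '=' (whitespace around '=' is optional,
# as in 'spoof_ip= 0'). A value runs lazily until the next 'key =' or the end
# of the string, so multi-word values stay whole.
_PAIR = re.compile(r"(\w+)\s*=\s*(.*?)(?=\s+\w+\s*=|$)", re.S)


def parse_command_block(text):
    """Parse a Black Energy style command block into a dict.

    Purely numeric values are converted to int; everything else is kept as
    the raw string (e.g. 'flood http bobbear.co.uk', '(not set)').
    """
    out = {}
    for key, value in _PAIR.findall(text):
        value = value.strip()
        out[key] = int(value) if re.fullmatch(r"-?\d+", value) else value
    return out


@dataclass
class FloodCommand:
    verb: str        # e.g. 'flood'
    vector: str      # e.g. 'http'
    targets: list    # one or more hostnames/IPs


def parse_cmd(cmd):
    """Split the 'cmd' value into verb, vector and targets.

    Assumption (not stated on the page): the grammar is '<verb> <vector> <target>...'.
    Anything shorter is rejected rather than guessed at.
    """
    parts = cmd.split()
    if len(parts) < 3:
        raise ValueError(f"unexpected cmd format: {cmd!r}")
    return FloodCommand(verb=parts[0], vector=parts[1], targets=parts[2:])


def is_targeting(config, host):
    """True if the parsed block is a flood command aimed at `host`."""
    cmd = config.get("cmd", "")
    if not isinstance(cmd, str) or not cmd.startswith("flood "):
        return False
    return host.lower() in (t.lower() for t in parse_cmd(cmd).targets)


def vector_parameters(config):
    """Return the tuning knobs that share the active vector's name prefix.

    Assumption: knobs for the 'http' vector are the keys starting with 'http_'.
    """
    vector = parse_cmd(config["cmd"]).vector
    return {k: v for k, v in config.items() if k.startswith(vector + "_")}


if __name__ == "__main__":
    cfg = parse_command_block(SAMPLE_COMMAND)
    print("targets bobbear.co.uk:", is_targeting(cfg, "bobbear.co.uk"))
    print("active vector knobs:", vector_parameters(cfg))
    print("source spoofing:", "on" if cfg.get("spoof_ip") else "off")
```

Run against the quoted block, `is_targeting(cfg, "bobbear.co.uk")` is true and the active-vector knobs are `http_freq = 50` and `http_threads = 4`. One practical point the parser surfaces: `spoof_ip = 0` means the bots are instructed not to forge source addresses, so the flood's source IPs in the victim's logs are the real infected hosts and are worth feeding into a blocklist or abuse reports.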
The Bobbear.co.uk DDoS attack is only the tip of the iceberg: while tracking down the source of the attack, I also managed to establish a direct connection between this DDoS-for-hire service and the DDoS attacks against the Georgian government, once again demonstrating that DDoS, and cybercrime in general, is getting easier to outsource these days.