The quantity of distributed denial-of-service attacks launched for the purpose of extortion has fallen, according to security vendor Symantec.
A distributed denial-of-service (DDoS) attack uses a network of compromised computers, known as a botnet, to send a large number of packets to a site, causing its server to fall over. Some attackers try to extort money from the site by threatening to launch another attack. However, DDoS attacks are becoming less frequent because of increasing risks to attackers, according to Symantec.
"In the last six months of 2006 we saw a pretty sharp decline in the daily number of denial-of-service attacks. Although there are likely a number of factors at play here, I think there is one primary factor: denial-of-service extortion attacks are no longer profitable," wrote the vendor's security response engineer Yazan Gable in a blog post.
"DDoS is a risky business," Ollie Whitehouse, a Symantec research scientist told ZDNet UK. "DDoS attacks can show how big the attacker's botnet is, and where it's located. There's a risk of the attacker being identified not only by the target and their ISP, but also by their own ISP."
Botnets take time and money to assemble, and increasingly hackers are unwilling to risk DDoS attacks, opting instead for the relatively easy money to be gained from spamming. Revenue gained from phishing and direct sales through spam is increasing, said Symantec. As email spam filter technologies have become more advanced, spammers have turned to easier targets such as blogs. "It's very easy to jump on a blog with an established base and spam that," said Whitehouse.
Detective chief inspector Charlie McMurdie, of the Metropolitan Police Specialist Crime Directorate E-crime Unit, said that DDoS extortion attempts are still being reported to the police but that, without a national unit to collate e-crime information, it was difficult to get an accurate picture of the problem. "We're still having reports made to us, but obviously that's only the tip of the iceberg," McMurdie told ZDNet UK. "We are still receiving reports of attacks, but we've got no national collation of law-enforcement figures as yet."