Did you know hackers are openly competing to offer illicit services that can take down a rival online business or settle a score?
Well, according to security expert Brian Krebs, there are currently dozens of “underground” forums where members advertise their ability to execute debilitating DDoS attacks – for a price.
The average rate for knocking a web site offline is approximately $5-$10 per hour, $40-$50 per day, $350-$400 a week and over $1,200 per month.
“The unwitting conscripts in these cyber armies are hacked PCs that the service owners remotely control via malicious software,” explained Krebs.
“Some DDoS services disclose how many bots they have corralled into their armies, [with] one service claiming average in-line bots from 1,500 – 5,000 bots, enough to work on challenging projects with an anti-DDoS protection.”
Of course, interested parties can also purchase a do-it-yourself DDoS kit, such as the one offered by one Russian entity, which includes a bot builder and Web-based admin panel.
The Darkness bot is continuously updated by coders and is capable of configuring infected machines to be used in four types of DDoS attack “at a moment’s notice.” And yes, the bot is also designed to steal passwords stored by Web browsers as well as Windows apps.
“Our bot has almost no load on the system, allowing it to remain invisible for very long,” the Darkness team claims in its ads. “[Plus, it] is lightweight and gets along well in the system.”
Obviously, potential customers should read the fine print before entering into any contract.
“Most DDoS services charge varying rates depending on the complexity of the target’s infrastructure, and how much lead time the attack service is given to size up the mark,” warned Krebs.
“Still, buying in bulk always helps: One service advertised on several fraud forums offered discounts for regular and wholesale customers.”
