Anti fraud site hit by a DDoS attack

Bobbear DDoS AttackThe popular British anti-fraud site is currently under a DDoS attack (distributed denial of service attack) , originally launched last Wednesday, and is continuing to hit the site with 3/4 million hits daily from hundreds of thousands of malware infected hosts mostly based in Asia and Eastern Europe, according to the site’s owner. Targeted DDoS attacks against anti-fraud and volunteer cybercrime fighting communities clearly indicate the impact these communities have on the revenue stream of scammers, and with Bobbear attracting such a high profile underground attention, the site is indeed doing a very good job.

Anyway, who’s behind this attack? Let’s track down a well known DDoS for hire provider currently operating 10 Black Energy DDoS botnets, and take an exclusive peek at his switchboard indicating that 4 of his botnets are currently set to attack only, proving that the attack may have well been outsourced. With cybercriminals so overconfident in their abilities to remain unnoticed so that they’re using a well known botnet command and control server historically used to manage Zeus banker malware campaigns, it’s fairly easy to connects the dots :

“Bob Harrison, the administrator of the Bobbear website, got in touch with me this weekend to tell me that his site was under fire from a distributed denial-of-service (DDoS) attack using compromised botnet computers around the world. The botnet is bombarding Bob’s website with traffic, effectively blasting it off the internet and making it impossible for legitimate visitors to reach the site.

Bobbear DDoS AttackMorever, as you can see in this exclusive screenshot attached, 4 of their botnets are currently set to attack using the following preferences :

“icmp_freq = 10
icmp_size = 2000
syn_freq = 10
spoof_ip= 0
attack_mode = 0
max_sessions = 30
http_freq = 50
http_threads = 4
tcpudp_freq = 20
udp_size = 1000
tcp_size = 2000
cmd = flood http
ufreq = 5
botid = (not set)”

The DDoS attack is only the tip of the iceberg, as while tracking down the source of the attack I’ve also managed to establish a direct connection between his DDoS for hire services and the DDoS attacks against the Georgian government, once again proving that DDoS and cybecrime in general is getting easier to outsource these days..

[Source: zdnet]