June 6, 2012Dancho Danchev By Dancho Danchev

DDoS for hire services offering to ‘take down your competitor’s web sites’ going mainstream

Thanks to the increasing availability of custom coded DDoS modules within popular malware and crimeware releases, opportunistic cybercriminals are easily developing managed DDoS for hire, also known as “rent a botnet” services, next to orchestrating largely under-reported DDoS extortion campaigns against financial institutions and online gambling web sites.

In this post, I’ll profile a managed DDoS for hire service, offering to “take down your competitor’s web sites offline in a cost-effective manner”.

More details:

Screenshots of the DDoS for hire/Rent a botnet service:

The managed service is currently offering HTTP (GET, POST), Download, ICMP, UDP, and SYN flooding features, using what they’re pitching as private tools operated by expert staff members. Before a potential customer is interested in purchasing a DDoS attack for hire, the service if offering a 15 minute test to the customer in order to prove its effectiveness.

What about the prices?

  • The price for 1 hour or DDoS attack is $5
  • The price for 24 hours of DDoS attack is $40
  • The price for 1 week of persistent DDoS attack is $260
  • The price for 1 month of persistent DDoS attack is $900
The service is also offering 5%, 7%, 10% and 15% discounts to prospective customers, with a return policy based on the remaining time from the originally purchased package.
The service profiled in this post, is the tip of the iceberg when it comes to the overall availability of DDoS for hire managed services within the cybercrime ecosystem. This fierce competition prompts for unique client acquisition tactics, such as offering complete anonymity throughout the purchasing and post-purchasing process in order to ensure that anyone can request any target, including high profile ones, to be attacked.
Moreover, although the service is undermining the OPSEC (operational security) of the proposition by advertising on public  forums, the business model of the competition is often driven by invite-only sales, where prospective customers are  trusted and verified as hardcore cybercriminals with a significant credibility within the cybercrime ecosystem. These competing services even offer the possibility to a target government or law enforcement web sites, despite the fact that their botnet’s activity will be easily spotted by security vendors and law enforcement agencies.
Instead of exposing their main botnets and potentially risking their exposure, the cybercriminals behind these campaigns have been developing the “aggregate-and-forget” botnet model for years. These botnets that never make the news, are specifically aggregated for every customer’s campaign in order to prevent the security community from properly attributing the source for the attack, taking into consideration the historical malicious activity performed by an already monitored botnet.

Webroot will continue monitoring the development of the DDoS for hire service profiled in this post.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button

How do I go about DDosing someone who is ddosing me?


  1. […] to disrupt a competing firm’s mobile communications with its potential clients just like DDoS attacks do, the service also has the capability to assist in a situation where a cybercriminal is about to […]

  2. […] modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime […]

  3. […] DDoS for hire services offering to ‘take down your competitor’s web sites’ going m… – Dislike the competition? Want to directly affect their revenues? It’s never been easier to launch a Distributed Denial of Service (DDoS) attack against them, thanks to an evident increase in the overall availability of DDoS for hire services. Next to the availability, it’s worth emphasizing on the relatively cheap prices for requesting such types of attacks. Thanks to the penetration pricing schemes introduced by novice cybercriminals who want to achieve financial liquidity for their assets (malware infected hosts), before they lose access to them, one way or another. We expect to see a systematic decrease of these prices, next to an increase in the overall number of unique services offering DDoS for hire services. […]

  4. […] Dancho Danchev – http://www.blog.webroot.com Thanks to the increasing availability of custom coded DDoS modules within popular malware and […]

  5. […] This creates a huge dilemma for online stores. When it comes to digital stores, no one has to fight fair anymore. It’s no longer just about search engine ranks, businesses can easily pull out the dirty tricks and employ a DDoS service against a competitor. In happens in SEO. And it’s definitely being used by businesses to disrupt the competition. […]