Online underground markets seem to offer anything and everything a budding cyber criminal might need.
Lately, DDoS attacks have stopped being just a protest tool for hacktivists, and have become a way for cyber crooks to disrupt Bitcoin exchanges, target anti-spam organizations, the gambling websites, and so on.
Naturally, malware developers are trying to meet a rise in demand for DDoS botnet-creating tools and DDoS-as-a-Service schemes.
Webroot’s Dancho Danchev has been monitoring the situation, and has noted that a particular IRC/HTTP based DDoS bot has been on offer since late 2012, and has been constantly developed and improved.
“From its initial IRC-based version, the bot has evolved into a HTTP-based one, supporting 10 different DDoS attack techniques as well as possessing a featuring allowing it to heuristically and proactively remove competing malware on the affected hosts, such as, for instance, ZeuS, Citadel or SpyEye,” he shares.
The author claims the bot is “perfect for infecting Windows machines”, and “features some of the best, most advanced DDoS tactics available on the market that will take down webservers, gaming servers, teamspeak/VoIP servers, home connections, etc with ease.”
Priced at $100 for the IRC version and at $300 for the HTTP one, the offer is a bargain. Still, cyber criminals being what they are, they ultimately cracked the software and made it available to the members of these markets for free.
“What we’ve got here is yet another example of a technically flawed licensing model for malicious software, allowing fellow cybercriminals to undermine the vendor’s entire business model. Whether competing vendors of malware/crimeware releases targeted by this bot will take action or not, will entirely depend on the market share that it succeeds in securing, once again, thanks to its affordable price,” says Danchev.
I would venture to guess that these competing vendors were behind the cracking.