Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: An Ad for DDoS Services - Network, Phone, Competition - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
An Ad for DDoS Services - Network, Phone, Competition

The oldfashioned way to launch a network DDoS attack involved building one's own bot network that would flood the victim with unwanted traffic. However, the illicit marketplace for such services has matured, allowing a person to purchase DDoS services on demand, effectively renting a botnet for the event.

Here's one ad for such services. It's in Russian; the translation follows.

DDoS Ad

The ad scrolls through several messages, including:

"Will eliminate competition: high-quality, reliable, anonymous."
"Flooding of stationary and mobile phones."
"Pleasant prices: 24-hours start at $80. Regular clients receive significant discounts."
"Complete paralysis of your competitor/foe."

Perhaps the most interesting aspect of the advertised service is the offer to flood the victim's phones. We often think of network-based DDoS attacks, but phone-based DDoS could be as devastating. If the service can, indeed, target stationary (landline) phones, then we're not just talking about SMS-based floods. These would probably be actual phone calls, probably initiated using VoIP, maybe via stolen Skype accounts with dial-out credits. Anyone knows more about such phone attacks?

-- Lenny

Lenny Zeltser
Security Consulting - SAVVIS, Inc.

Lenny teaches a SANS course on analyzing malware.

Lenny

216 Posts
ISC Handler
At old $orkplace we had a Nortel team that regularly dealt with compromised PBX'. Usually discovered when they phonebill arrived and was in the order of $30000.

Not sure of the exact metrics of the calls, but they were usually to Russia, Brazil or China.

Part of DDoS or just regular calls stolen through the PBX? I don't know.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!