Denial-of-service attacks against online service providers have declined, suggesting that extortion attacks don't pay, a security engineer at Symantec stated in the company's blog on Thursday.
The brief analysis attempts to explain a 15 percent decline in attacks noted by the company's bi-annual Internet Security Threat Report. Symantec, which owns SecurityFocus, witnessed a drop, from 6,110 denial-of-service (DoS) attacks in the first half of 2006 to 5,213 attacks in the latter half of 2006.
"The thing is that DoS attacks are loud and risky," Yazan Gable, security response engineer for Symantec, stated in the blog post. "Whenever a bot-network owner carries out a denial of service attack they run the risk of losing some of their bots."
Bot masters are increasingly focusing on spamming -- especially bulk e-mail campaign designed to pump up penny-stock prices -- and stealing financial account data. Researchers have discovered a number of underground e-commerce servers on the Internet that attempt to sell credit-card and financial information. Security firm SecureWorks found that prices varied from about $30 for the log-on credential for a small e-commerce company to $250 for the account information for a major financial institution. Symantec has pegged prices at a more modest $1 to $6 for U.S. credit-card numbers with verification PIN and $14 to $18 for more complete personal information, including bank account information and Social Security numbers, according to the company's Internet Security Threat Report.
Gable noted that, while denial-of-service attacks have decreased in the last six months of 2006, spam levels have jumped.
Posted by: Robert Lemos