A DDoS (distributed denial-of-service) bot called Darkness, which can be used to put websites offline, has been released for free on cyber-criminal forums.
This botnet tool, which attacks websites by creating a high number of page requests to let servers reach their maximum capacity and force them to crash, is very popular in hacker community because it’s more effective than many other tools.
This means DDoS attacks are now both easier and cheaper to run, and the potential threat to individuals and organizations is sensitive.
Although Darkness does not use any new DDoS techniques, its coding is widely considered to be tighter than most of its contestants, so needs fewer resources to perform the same number of attacks. This means that fewer systems need to be infected and controlled by the bot for it to be effective.
The group behind cyber threat information site Shadowserver, who describe their mission as “to understand and help put a stop to high stakes cybercrime in the information age”, said: “Darkness is an effective and efficient DDoS bot. With this free public release we expect to soon see a wider deployment of Darkness command and control servers.”
DDoS attacks have been prevalent recently. Both MasterCard’s and Paypal’s European sites were forced offline late in 2010 by supporters of whistle-blowing web site Wikileaks.