Just like legitimate businesses, criminals are turning to the cloud as a way to generate new services and simplify their infrastructure. While some sites offer botnets for lease or sale, and other sites offer aid with cheating on games, the latest crop of criminal enterprises is serving up attacks as a service.
In the latest example of this, a Chinese group has opened up a site, called IM DDODS, that allows customers to sign in and order denial-of-service attacks, according to a report released by security firm Damballa on Monday. The attacks are powered by a fairly large botnet, the firm says.
"It is a self-service website," Stephen Newman, vice president of product management with the firm. "And it is has all the hallmarks of a commercial website, essentially."
The IM DDOS site -- written in Mandarin -- allows customers to create accounts, choose targets, and level attacks against those targets. The website claims that only nonlegitimate Web servers -- such as gambling sites -- can be chosen as the target of an attack, according to a report written by Damballa researchers.
Using distributed denial-of-service attacks against illegal sites is uncommon, but not unheard of. Late last week, for example, an Indian firm reportedly claimed that Bollywood movie studios had paid it to attack pirated movie sites and make them inaccessible to other users.
Attacks-as-a-service sites have been less popular than those that help would-be criminals create their own botnet, but as better defenses and more successful botnet takedowns make attacks more complicated, it's likely that criminals will outsource their needs.