Economics are playing a part in the decline of denial-of-service attacks, according to a Symantec security expert.
In the second half of 2006, Symantec noted a sharp decline in distributed denial-of-service (DDoS) attacks, in which a network of remote-controlled bots - usually end-user machines infected with malicious software - overloads a target's system and takes it offline.
Part of the decline is due to the fact that such attacks simply aren't paying off for the attackers, Symantec security engineer Yazan Gable said in a note on the company's website.
"Although there are likely a number of factors at play here, I think there is one primary factor: denial of service extortion attacks are no longer profitable," Gable wrote.
DDoS attacks first started to skyrocket in the second half of 2005, according to Symantec's twice-yearly Threat Report, rising 51 percent to an average of 1,402 attacks per day.
In the first half of 2006 the upward trend continued, reaching an average of 6,110 attacks per day.
But by the second half of 2006 DDoS attacks appeared to have reached a peak, declining to an average of 5,213 per day.
The rise in DDoS was, like other types of cybercrime, driven by a search for profits, Symantec said. Now that same profit motive appears to be driving attackers away from DDoS toward more lucrative, less risky enterprises such as spam delivery.
DDoS extortion is inherently risky because attackers are obliged to use their bot network to carry out at least one successful denial-of-service attack, Gable said. And every time the bot network is used for such a high-profile attack, the network controller risks losing some of his bots or, if the command server is identified, the whole network.
"So what happens if the target of the attack refuses to pay? The DoS extortionist is obliged to carry out a prolonged DoS attack against them to follow through on their threats," Gable wrote. And if the target has already refused to pay, he will probably not pay up later on either. "For a DoS extortionist this is the worst scenario because they have to risk their bot network for nothing at all."
Gable said attackers seem to be turning their attention to spam. "Not surprisingly, we saw a noted increase in spam volumes in the last six months of 2006," he wrote.