The rise in DDoS was, like other types of cybercrime, driven by a search for profits, Symantec said. Now that same profit motive appears to be driving attackers away from DDoS toward more lucrative, less risky enterprises such as spam delivery.
DDoS extortion is inherently risky because attackers are obliged to use their bot network to carry out at least one successful denial-of-service attack, Gable said. And every time the bot network is used for such a high-profile attack, the network controller risks losing some of his bots or, if the command server is identified, the whole network.
"So what happens if the target of the attack refuses to pay? The DoS extortionist is obliged to carry out a prolonged DoS attack against them to follow through on their threats," Gable wrote. And if the target has already refused to pay, he will probably not pay up later on either. "For a DoS extortionist this is the worst scenario because they have to risk their bot network for nothing at all."
Gable said attackers seem to be turning their attention to spam. "Not surprisingly, we saw a noted increase in spam volumes in the last six months of 2006," he wrote.