DDoS Attacks Hobble E-commerce, Security Sites

Digital vandals using distributed denial of service (DDoS) attacks are proving effective in driving e-commerce and security sites offline, and even out of business. The recent attacks show the DDoS becoming a potent weapon against sites with limited resources to defend their sites or pay overusage fees from attack-related bandwidth consumption.

Authorize-It, a Kentucky firm processing online credit card transactions, says it was knocked offline for a week by a DDoS extortion scheme. The attack occurred in mid-April, roughly the same time another online card processor, 2Checkout, was also hobbled by a DDoS blackmail plot. Both 2Checkout and Authorize-It serve the small business e-commerce market.

Sites offering tools to deflect hacker intrusions and spyware infestation have also become targets of DDoS attacks. Last week the NukeCops site was shut down and placed for sale, just days after a protracted DDoS struck NukeCops and an affiliated site, ComputerCops. NukeCops had just begun offering a tool claiming to secure the PHPNuke content management system against SQL injection attacks, an exploit frequently used by hackers to gain unauthorized access to online forum applications.

Last week the site operator warned that "unless I can get some sort of serious funding to continue operating then these may be the final days of the sites being in operation. The bad guys are hitting us the only way they can... in the wallet."

In February, SpywareInfo and several other sites offering tools to detect and remove spyware were taken offline by DDoS attacks. Spyware programs often serve as a gateway into an enfected PC, offering entry for trojans that can allow the machine to be remotely controlled and used in DDoS attacks or spam delivery.