The number of websites based in China offering Distributed Denial of Services (DDoS) as a service malware has recently jumped along with associated social media groups that help wannabe cyberattackers back end support and tips.
Talos researcher Dave Liebenberg noted in a blog that many of the DDoS services available are very similar to each other in layout and designed to make it very simple for a beginner to set up an attack by using an interface that only requires the user to choose the target's port, attack method and attack duration. Previously, the tools available for purchase required a more hand on approach from the user.
Despite the similarity, Talos believes there are multiple actors behind all the sites, of which the company believes there are at least 32. Instead, due to variations in the site's payment and registration systems, customer service access and the fact that one site member attempted to attack another of the DDoS services.
“We had strong indications that multiple groups were building nearly identical online DDoS platforms, but still had no idea why they were using the same layout or why they had all begun to appear so recently,” Liebenberg wrote.
What was discovered was that the source code relied on Bootstrap front-end design and then by digging through the CSS files of some of the available offerings there was a single author named Pixelcave. A deeper look at Pixelcave revealed it offered bootstrap web designs that looked just like the DDoS sites.
However, Talos still does not know the source of the original source code, but spotted a few hints.
“There are several English language websites that offer online DDoS services, such as the tool DataBooter. These websites have some similarities to the Chinese DDoS platforms. For instance, they have a bootstrap-based design, are hosted on Cloudflare, and have similar graphics conveying the number of attacks, users, and servers online,” Liebenberg said.