
Understanding Botnet for Hire Services: DDoS Booter, Stressers, & Other Terminology
Botnet attacks occur when zombie devices under the control of a cybercriminal launch a coordinated attack on a website, server, or system.
One of the most common, and also most dangerous, forms of botnet attack is DDoS (Distributed Denial of Service), where the army of zombie devices sends coordinated requests to a website or online service to overwhelm the server, significantly slowing it down or rendering it completely unavailable to legitimate users.
In recent years, however, the threat of DDoS attacks and other forms of botnet attacks has been amplified by the rise of botnet-for-hire services (also known as DDoS-for-hire services, DDoS booters, or stressers).
With DDoS booters, DDoS attacks are no longer limited to professional cybercriminals who have the right skills and infrastructure: virtually anyone, even a small business, can hire a booter’s service to anonymously attack a competitor, often for a very affordable price.
“It used to be that in order to be able to create a high volume attack you had to go and create your own botnet. However, right now there’s so little effort needed to accumulate an IoT botnet that we’re seeing these underground DDoS-for-hire services coming down into the $15 per week range.”
Botnet-for-Hire: The Concept
Why are botnet-for-hire, or DDoS-for-hire services so dangerous? To really understand the scale of the threat it presents, we have to first learn about the concept of botnet-for-hire services.
Simply put, a botnet-for-hire service sells access to the botnet (or botnets) containing an army of zombie devices.
It’s crucial to first differentiate a “bot” and a “botnet”:
- A bot, or internet bot, is a computer program, or software, that is designed to perform automated tasks over the internet. Bots can be good and beneficial, like Googlebot, but there are also malicious bots owned by hackers and cybercriminals.
- A botnet, on the other hand, is a group of devices (mainly computers, but also smartphones, wearables, and IoT devices) that are under the control of a cybercriminal, mainly because they are infected by malware. These infected devices are called zombie devices.
To avoid confusion: a botnet-for-hire service rents access to botnets, not bots.
In the past, building a botnet consisting of a substantial amount of zombie devices (thousands and even millions) would require special infrastructure and a significant amount of skills and knowledge.
Nowadays, however, building a botnet is actually quite accessible. Even a simple Google search can provide us access to various Build-Your-Own-Botnet tutorials along with affordable and even free botnet building tools.
While there are various techniques a bot herder can use to infect target devices, typically a botnet building tool will contain the bot malware payload along with the kit to build a C&C (Command and Control) server. With this fairly simple toolkit, even one without substantial programming knowledge and experience can start distributing malware through various means to infect more devices and build his/her own botnet.
Not to mention, the attack surface for these would-be botnet creators is also much bigger. Many smartphones, wearable devices, and IoT devices are not yet very secure, making them easy prey for these botnet builder tools.
This is why botnet-for-hire services nowadays are very affordable, and you can potentially rent a DDoS-for-hire service for under $100, giving you access to tens of thousands of zombie devices. With building botnets becoming accessible, more botnets are now available for hire, driving the costs down even lower.
Botnet-for-Hire: DDoS Booter, Stresser, DDoSer
So, what are booters, stressers, and DDoSers?
They are just other names for botnet-for-hire or DDoS-for-hire services, but there is actually a reason behind these names.
Unlike some forms of cyberattacks like content/web scraping that are actually legal or at least in a grey area, DDoS attacks are downright illegal in many countries. The practice of renting access to malware-infected devices is also illegal, since it’s basically admitting you are infecting these devices with malware and “stealing” resources.
This is why instead of advertising their services as “botnet-for-hire” or “DDoS-for-hire”, many cybercriminals advertise their “product” as “stressers”, software that can be used to stress-test the resilience of a server. So, a DDoS attack on another server (not the renter’s own) can be claimed as a “stress test”, although we know that isn’t actually the case.
Other botnet-for-hire services, on the other hand, advertise their services as DDoS booters or DDoSers, but the services offered are essentially similar: DDoS-for-hire.
The Evolution of Botnet-for-Hire Services
DDoS attacks are getting scarier by the day, not only because DDoS methods are becoming much more sophisticated (harder to detect while at the same time much more destructive), but also because these botnet-for-hire services are becoming more affordable than ever.
This means the barrier of entry for performing large-scale DDoS attacks is also lower.
Many botnet-for-hire services are also aggressively advertising their services, offering loyalty points and discounts just like your favorite retail stores. Some are also offering their own apps to ensure ease of use.
In 2017, the cost of hiring a DDoSer service was around $25 per hour, and the cybercriminal renting the service would make a profit of around $18/hour. In 2020, however, there are now DDoS-for-hire services that rent their services for as low as $10 per hour, or around $60 for 24 hours, which is very affordable.
This means that if you are a business with a website, technically your competitor can DDoS your website for just $10/hour. Even worse, with bogus PayPal accounts and cryptocurrency transactions, it’s also very difficult to trace the client renting the service.
Because they offer such affordable access to their shared DDoS attack infrastructure, these booters now have a lot of malicious clients renting their services, and so they are responsible for hundreds of thousands of DDoS attacks per year all over the world.
It’s important to note that although the cost for launching a DDoS attack is now much lower, the financial and reputational damage caused by the DDoS attack has climbed higher instead.
The Danger of Botnet-for-Hire Services
As we can see, a key danger of these DDoS-for-hire attacks is that numerous attackers without any experience or knowledge can now access very sophisticated DDoS-capable botnets for a very affordable price.
For the attacker, these attacks are now very low-risk and very low-cost, with an extremely high potential to cause significant damage.
DDoS attacks are very difficult to defend against, and by the time your system has been hit with the attack, it’s already too late to plan your response. Thus, it’s crucial to prepare a comprehensive response plan beforehand and invest in the right infrastructure to protect your network and your system from this looming danger.
IoT Zombie Devices: More Attack Surfaces for Bot Herders
IoT devices are designed to always connect to the internet, but many of them are equipped with weak or poorly configured device security. While many IoT devices might seem too “primitive” to perform harmful attacks, many of them are actually capable of performing the necessary network requests for DDoS attacks, and many bot herders also use these IoT devices to spread the botnet malware to other devices.
The large number of vulnerable IoT devices has resulted in a bigger attack surface for bot herders, allowing potentially even bigger botnets.
Another challenging fact is that for an IoT device, a vulnerability is often hardcoded into the firmware, which makes it more challenging to patch. It’s crucial to change the administrator password of all IoT devices from the default credentials when possible and to update any outdated firmware as soon as updates are made available.
This is also why it’s crucial to only use IoT devices from reliable manufacturers that are committed to making their IoT devices more secure so they are free from various vulnerabilities that can be exposed by botnet malware.
How Can You Protect Devices from Becoming Part of a Botnet
Not only is your system a target of DDoS and various types of botnet attacks performed by these botnet-for-hire services, but your devices are also in danger of being converted into zombie devices and “recruited” by these services.
Here is how you can protect your devices from becoming a part of a botnet:
Change Devices’ Default Passwords
Cybercriminals often rely on brute force and/or credential stuffing attacks to access the administrative account of devices. For example, a device infected by the Mirai botnet malware is commanded to perform ping requests to surrounding devices (via IP scan). When a device responds, the bot will perform a credential stuffing attack using a preset list of default credentials.
Thus, if the device (e.g. a router) is still using a default credential, it will be compromised and converted into a part of this botnet.
By simply replacing the device’s default administrative credentials with a secure password, we can prevent this exploit quite effectively.
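The scan-then-login behaviour described above is visible on your own network when one of your devices has already been recruited. The following is an added example, not part of the original article: it flags internal hosts that contact many distinct neighbours on Telnet ports within a short window. The log format, the port list (23/2323), the window, the threshold and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}        # assumption: ports typically probed by Mirai-style scanners
WINDOW = timedelta(seconds=60)   # assumption: sliding window length
THRESHOLD = 5                    # assumption: distinct targets per window before flagging
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def build_sample_log():
    """Constructed firewall log: a camera sweeping its subnet and a normal laptop."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(8):  # 192.168.1.50 probes 8 neighbours on port 23 within 14 s
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} src=192.168.1.50 dst=192.168.1.{10 + i} dport=23")
    for i in range(8):  # 192.168.1.20 only talks HTTPS to one server...
        ts = base + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} src=192.168.1.20 dst=203.0.113.7 dport=443")
    lines.append(f"{base.isoformat()} src=192.168.1.20 dst=192.168.1.1 dport=23")  # ...plus one admin session
    lines.append("corrupted line that the parser must skip")
    return lines

def find_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: most distinct Telnet targets seen in any window} for flagged hosts."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and int(m["dport"]) in TELNET_PORTS:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"]))
    recent, flagged = defaultdict(deque), {}
    for ts, src, dst in sorted(events):
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # drop probes older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for src, count in find_scanners(build_sample_log()).items():
        print(f"{src}: {count} distinct Telnet targets within {WINDOW.seconds}s")
```

A flagged host is a candidate for isolation and for the cleanup steps covered later on this page; tune the threshold to your own network before relying on it.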
Periodic Backup, Wipe and Restore
Schedule automatic backups regularly. However, always make sure your system is “clean” of malware infection before performing the backup.
Thus, regularly wipe and restore your devices to a known good state, which can potentially clean your system from any malware and botnet software. This way, you can clean your system even from unknown, silently running malware.
Install Proper Anti-Malware Solutions
Since most botnet conversions are made possible with the help of malware infection, it’s crucial to invest in a good anti-malware/antivirus solution.
It’s best to use an anti-malware solution that works via behavioral detection instead of fingerprint-based detection, so you can properly protect your device from zero-day attacks. It’s also crucial to update your anti-malware solution as soon as updates are available to ensure optimal protection.
Update Everything Regularly
Another crucial aspect of protecting your devices from being infected by malware and other exploits is to update everything regularly: your OS, any apps/software, and hardware devices that are no longer supported by the manufacturers.
If there’s a security patch released, then any software should be updated as soon as possible, or else cybercriminals might be able to exploit the unpatched vulnerability to convert your device into a zombie device.
Configure Your Firewall and Routers
Configure your firewalls and network routers to filter traffic strictly and to scrutinize anything that gets past your security. This will help in protecting your devices from DDoS malware.
Eliminate Human Factors
Cybercriminals often rely on phishing and other social engineering attacks to gain access to a user account. Educate yourself and your employees about the signs of these phishing attacks, and in general, never click on any links and/or download any attachments from unknown sources.
How To Reclaim Infected Devices
A possible strategy to reclaim your infected device is to disable the whole botnet, which is only possible once you’ve identified the C&C (Command and Control) server. Obviously, this is extremely challenging, and many botnet-for-hire services operate in countries where law enforcement is less willing to intervene or less capable of closing the bot herders down.
Thus, we can only rely on eliminating infection on infected devices, by:
- Running comprehensive anti-malware software to clean the infection
- Wiping the device and reinstalling from a safe backup, as discussed above
- Starting over by reformatting the machine to a clean slate when a backup is not available
- Flashing the firmware for applicable devices
You may also consult your device manufacturers for other effective strategies.
How To Protect Your System from DDoS and Botnet-for-Hire Attacks
Invest In Botnet Detection and Management Solution
The best and most effective way to protect your network and system from various botnet-for-hire attacks, including potential DDoS attacks, is to invest in AI-based bot detection software that can effectively differentiate between legitimate users and botnet activities.
DataDome works on autopilot and can stop and prevent botnet attacks in less than 2 milliseconds. It will block all botnet activities before they even reach your servers without any human intervention, and DataDome is also effective in blocking the sophisticated layer 7 DDoS attacks.
