DDoS threat raised as Darkness bot is given away for free

Denial-of-service attacks now easier and cheaper for criminals to run

A DDoS (distributed denial-of-service) bot called Darkness, which can be used to force web sites offline, has been released for free on cyber criminal forums.

The botnet tool, which attacks web sites by making a high number of page requests so that the servers reach their limits and crash, is popular with hackers because it's more efficient than many other tools.

This means DDoS attacks are now both easier and cheaper to run, and the potential threat to individuals and organisations is heightened.

The group behind cyber threat information site Shadowserver, who describe their mission as "to understand and help put a stop to high stakes cybercrime in the information age", said: "Darkness is an effective and efficient DDoS bot. With this free public release we expect to soon see a wider deployment of Darkness command and control servers."

Although Darkness does not use any new DDoS techniques, its coding is widely considered to be tighter than most of its competitors, so needs fewer resources to perform the same number of attacks. This means that fewer systems need to be infected and controlled by the bot for it to be effective.

DDoS attacks have been prevalent recently. Both MasterCard's and Paypal's European sites were forced offline late in 2010 by supporters of whistle-blowing web site Wikileaks.