CastleCops, an online security community whose charter is to help fight malware and phishing scams, fell under Distributed Denial of Service attacks (DDoS) beginning February 13. The attack was so serious that it completely knocked out the network of CastleCops' ISP. By February 15, the "command center" controlling the botnet used to launch the attack was identified and blocked, and CastleCops came back online. But the attacks didn't stop.
On February 19, CastleCops experienced approximately 969Gbps of incoming network traffic. The attack tapered off over the course of an hour and then spiked again a few hours later to just over 350Mbps. Then on February 20, traffic spiked once more, reaching just over 993Mbps. That attack quickly tapered off to a steady 44Mbps.
Paul Laudanski, founder of CastleCops and Microsoft MVP, said that such an attack could have cost as much as $33,000 due to bandwidth charges. Fortunately, CastleCops wasn't made to pay that rate, otherwise the site would have probably gone offline permanently, according to Laudanski.
Antispam company Blue Security underwent a similar DDoS attack in May 2006. A former moderator for the company said that a Russian spammer known as PharmaMaster paid $2,000 an hour to have the attack aimed at Blue Security. The attack eventually led Blue Security to cease its crusade against spam.
