Console DDoS Botnets - A Thriving Industry

I've talked about Botnets used to kick gamers out of sessions before, but I thought it might be interesting to check out some of the current pricing, along with a few other things.

Botnets and Gaming - wha?

People have been using various means to lag people out of games for many years, but it had always been a PC thing. The moment online console gaming took off, somebody realised most console gaming sessions were peer to peer (which meant IP addresses were easy to grab), combined Botnets with moneymaking and rolled out an unstoppable army of teabagging and headshottery.


It all depends on the game. Most online console games offer up rewards for progressing through the ranks, be it additional items, weapons, outfits and / or levels.

Stolen high level accounts in games such as Halo themselves fetch a tidy sum on the black market (would anybody have seriously thought a stolen gaming account could pull in as much as $25 a few years ago?) but the art of "host booting" has turned into a bit of a money spinner.

There are three main types of lagging a game out, and depending on how the game works various types will be deployed or blended to ensure the attacker wins the game and levels up.

1) Lag switching. A lag switch can be picked up for around $20, and if you've ever been in a game that appears to be frozen while the other team happily runs around shooting you this is likely the culprit. Quite common, unfortunately.

2) Host forcing. More often than not, many games come down to who happens to be hosting it. To ensure the hosting advantage (which may or may not be debated endlessly by those who refute being pwned by something as basic as "my connection wasn't as good") the art of "host forcing" was born. Typically, a combination of various programs is used, such as Zone Alarm, Commview and custom built programs such as this one:

[Image: ekksbawks2.jpg]

These are used to discover the IP addresses of the players, and start throwing them into various "Trusted zones" (which then leads to the not-entirely-sophisticated process of, er, waggling sliders up and down rapidly in Zone Alarm. Nobody ever said this was an elegant solution). That "ION" program has been around since the days of Halo 2, by the way.

Once you have the host, the theory is that you have a slight advantage over the other players because you have no lag. However, this isn't enough for the cheaters so what they'd do is hit the "standby" button on their router and when the game would come back (after lagging all over the place) everybody bar the host would still be lagging. This would result in lots and lots of headshots with a fair amount of swearing from the others in the session.

Worse, in addition to single players doing this, whole teams can bridge their connections and attempt a "team standby", where one team is fine but the other is doomed.

Not very nice, but there you go.

3) DDoS Host Booters. These are probably the worst of the three tactics on offer, and involve custom made programs that target specific players, then knock them offline via a dedicated Botnet. This is no different to someone aiming a regular Botnet at your home connection.

host booter, originally uploaded by Paperghost.

As already mentioned, most console games are peer to peer and because you can use Internet Connection Sharing with an XBox console, it's the easiest thing in the world to grab some IP addresses and have some "fun". Because the attacks target the player rather than XBox Live itself (which would likely be a futile effort) it's quite difficult to do anything about it.

Many saw an opening for money making with this technique, because there are no end of technologically clueless (but very angry) gamers out there who want to get even.

Want to DDoS someone, win that online session and move up a rank or three? No problem, pay us and we'll create a custom built DDoS Low Orbital Cannon to clear out the noobs. Some games punish players / teams that leave a session early, removing experience points and / or awarding the win to the other team which makes this technique rather appealing.

Although getting on a bit, the below pricing structure is pretty much what it is now:


$5 for a Bot, with nothing else. This is the option for those who already know what they're doing and have a Booting program ready to roll.

$10 for a Bot AND a Booter, for those who have no idea which Booter to pick. You're not going to kick many people out of Halo 3 with one Bot, however, so from there it's $2 per additional infected computer added to your Botnet of Doom.

$5 extra is needed if you want them to go dabble with your network / Firewall, and it's $20 if you want them to remote into your PC and set EVERYTHING up for you. Also note that they'll put a fake icon onto the infection file they're trying to nail people with on your behalf - I suppose paying up is in your best interest if you want them to infect as many people as possible.

Some charge per game and / or rank in a particular game, rather than per Bot because hey - they're just that nice, and (more importantly) they figure once you've set up your Botnet for someone you probably can't get any more money out of them. Keep control of the Botnet, however, and you'll have money rolling in for as long as the buyer wants to DDoS gamers.


Dedicated Host Booting sites that contain both Booting programs and tutorials are a relatively new addition to the ranks, but they're definitely growing in number. Here's a membership sample from one of the more recent portals:

[Image: host booter community.png]

Worryingly, there are rewards for promoting those communities:


Free Bots? Yep. I've seen one or two sites offering up to as many as 30 or 40 free Bots in return for spreading the word. It's interesting how console gaming is becoming a bit of a driving force for individuals racing out to infect computers, and I don't think the situation will improve anytime soon...

About this Entry

This page contains a single entry by Christopher Boyd published on December 1, 2009 10:04 AM.
