Two major sites dedicated to developing remote access software have been shut down care of a DDoS (Distributed Denial of Service) attack coordinated by a group of cyber miscreants who were affronted by the comments posted about them on the front pages of the two rootkit websites.

Security expert Greg Hoglund's Rootkit.com, a prominent website specializing in detecting rootkits or software systems that hide the fact that a system has been compromised, has been offline for seven days straight now. Two other pages maintained by a rootkit creator named "Holy Father" have also been shutdown because of the attacks considered to be the handiwork of the SIS-Team, a group of hackers based on Bulgaria and Turkey.

Hoglund discloses that the rootkit.com attack started on Tuesday, April 5, after a person using the handle "ATmaCA" submitted a rabble-rousing post to one of the discussion forums on the site that promoted several malicious remote access software programs sold by SIS-Team, which includes ProAgent, SIS-IExploiter, and SIS-Downloader.

The abovementioned applications are potent spyware programs that, when used together, helped remote attackers covertly destroy and corrupt other PCs using modified web pages with malicious code. They are typically sold over the Internet through websites like SpyInstructors.com and are usually employed for clandestine spamming expeditions.

ATmaCA's inflammatory message prompted brusque answers from rootkit.com members that were against posters using the discussion page as a venue to sell their wares. That's because other rootkits discussed on the site are open source, so the regular members of the forum have a pro-open-source sentiment that kept them at odds with people who wanted to profit from their codes and programs. In fact, some rootkit authors even post links of their source code on the site as a demonstration of how supportive to open source they truly are.

In the forum war that exploded between rootkit.com contributors and SIS-Team members, posters started to question the quality of SIS-Team products. Several rootkit.com regulars contended that the tools infrequently crashed the computers they ran on because their source code was poorly written overall.

Just hours after ATmaCA's first message, the rootkit.com website went through a massive DDoS attack by a botnet of 500 corrupted computers that floored the site with over 170,000 requests per second, rendering it inoperable and inaccessible to most web surfers. Holy Father's two rootkit-dedicated websites met the same fate after he also posted disparaging comments about ATmaCA and the SIS-Team.