@FourOh-LLC >What is the return in trying to compromise a single-user system, which has no data
Even single user systems are quite valuable due to how all computers are now very fast and many are behind an acceptable internet connection - this is proven by how many crackers love to make botnets out of single user systems.

>and it will shut down by the ISP for sending out traffic under the suspicion of a DoS attack?
From an attackers point of view, it's extremely rare for decently programmed malware to be discovered on single-user systems and even rarer for the internet connection to be cut off, as you can get away with sending a lot of things over a residential connection without anyone noticing, up to a point.

In many places in the world, ISPs artificially limit upload so severely that you couldn't reliably detect a DoS attack from such uploader, as the upload is often maxed on during general internet usage.