A DDoS attack uses a network of computers (called agents) under an attacker’s control to inundate the target server with requests for communication. Because the target cannot differentiate between legitimate and illegitimate requests, it attempts to respond to all requests, ultimately reducing or, in severe cases, eliminating its ability to respond to valid requests. There are several methods by which an attacker can gain control of the large number of computers required to carry out this type of strike; some of them allow hands-on control over the attack, while others are more passive.
One of the less complex but more passive methods of gaining control over a computer for use in a DDoS attack is to code instructions into a piece of malware that the computer’s user unintentionally downloads. Once the malware is downloaded, the computer becomes an agent of the attacker. Code within the malware instructs the agent to request information from a given server at a specific time. If enough computers have been infected by the malware, the coordinated barrage of requests can have a crippling effect on the target’s ability to function.
A more complex type of DDoS attack involves compromising the agent with a trojan that carries code allowing the attacker to remotely control it. Remote control of the agents (also referred to as zombies) is normally not direct. Instead, it is achieved through a hierarchical command structure whereby the attacker gains control of any number of servers, called handlers, which subsequently send operating instructions to the zombies. This type of malicious network is called a botnet. One strength of a botnet from the attacker’s perspective is that it allows for control of thousands of zombies per handler. In some cases, a personal computer or server becomes part of a DDoS attack with the owner’s consent, such as when the owner and attacker share a cause or ideology.
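From the defender's side, the coordinated barrage described above tends to show up in request logs as a sudden jump in volume that comes mostly from sources the server has never seen before. The following sketch is an added example, not part of the original text; the function names, thresholds and sample log records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def bucket(events, width):
    """Group (epoch_seconds, source_ip) records into fixed-width windows."""
    windows = defaultdict(list)
    for ts, src in events:
        windows[ts - ts % width].append(src)
    return dict(sorted(windows.items()))

def find_coordinated_bursts(events, width=10, rate_factor=5.0,
                            new_src_ratio=0.8, warmup=3):
    """Flag windows whose request count jumps far above the running median
    AND whose sources are mostly ones never seen in earlier windows."""
    seen, history, alerts = set(), [], []
    for start, sources in bucket(events, width).items():
        distinct = set(sources)
        if len(history) >= warmup:
            baseline = median(history)
            fresh = len(distinct - seen) / len(distinct)
            if len(sources) > rate_factor * baseline and fresh >= new_src_ratio:
                alerts.append({"window_start": start,
                               "requests": len(sources),
                               "distinct_sources": len(distinct),
                               "new_source_ratio": round(fresh, 2)})
                continue  # keep flagged traffic out of the baseline
        history.append(len(sources))
        seen |= distinct
    return alerts

def sample_events():
    """Constructed log: 5 regular clients for 60 s, then 200 agents that all
    start requesting in the window beginning at t=60 (documentation IPs)."""
    regulars = [f"198.51.100.{i}" for i in range(1, 6)]
    events = [(w * 10 + i, ip) for w in range(7) for i, ip in enumerate(regulars)]
    for i in range(1, 201):
        events += [(60 + i % 10, f"203.0.113.{i}")] * 2  # two requests per agent
    return events

if __name__ == "__main__":
    for alert in find_coordinated_bursts(sample_events()):
        print(alert)
```

The heuristic flags a time window rather than individual requests, and a sudden crowd of new legitimate visitors would trip it as well, so it is a trigger for investigation or rate limiting rather than a way to separate legitimate from illegitimate traffic.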