Trigger-happy attackers looking for additional ways to bring websites to their knees by means of a DoS attack have been given another tool that can aid in their efforts: FlashFlood.

The creator of the JavaScript in question is Robert Hansen, the VP of WhiteHat Labs at WhiteHat Security, who published a prototype of the script on Tuesday.

“It works by sending tons of HTTP requests using different paramater value pairs each time, to bypass caching servers like Varnish,” Hansen explained, but pointed out that attackers who wished to remain anonymous should trick other people into executing the code, as the defenders can pinpoint the IP address from which the flooding is coming.

By itself, the script is not enough to bring down most websites, but is designed to add strain on a system that is already under attack via other means.

Heavy database-driven sites and Drupal sites are perfect targets for attackers wielding this tool – if they rely on caching to protect themselves.

Source: http://www.net-security.org/secworld.php?id=17771