Security from A to Z: DDoS

Denial-of-service attacks, which take down a Web resource, are used by digital blackmailers. Part of a series on hot security topics.

Natasha Lomas Mobile Phones Editor, CNET UK

Natasha Lomas is the Mobile Phones Editor for CNET UK, where she writes reviews, news and features. Previously she was Senior Reporter at Silicon.com, covering mobile technology in the business sphere. She's been covering tech online since 2005.

See full bio

Natasha Lomas

Nov. 28, 2006 12:28 p.m. PT

A denial-of-service (DoS) attack aims to render a Web resource unavailable to its everyday users.

It works by flooding a Web server with more requests to serve a Web page than it can handle. That means that during the attack period, the hosted site will be dramatically slower to load or may not load at all.

Another type of DoS attack, known as an "e-mail bomb," targets an organization's servers by sending more e-mail than the systems can handle.

A distributed denial-of-service attack (DDoS) is when multiple compromised PCs are used to overwhelm a Web site's bandwidth or resources. The machines used in such attacks are collectively known as a botnet, or zombie network, and will have previously been infected with malicious software, meaning they can be remote-controlled by the attacker.

The cybercriminal fraternity uses denial-of-service attacks as a weapon to blackmail e-commerce businesses, which rely on their Web sites being accessible in order to make money. Online gambling sites are popular targets, due to the nature of their business and the lure of ready money. But attacks are not always financially motivated. Perpetrators can simply be seeking to cause disruption or make a name for themselves.

Natasha Lomas reported for Silicon.com in London.