Websites blocked by ISPs when under a distributed denial of service attack (DDoS) face millions of pounds in lost business because ISPs refuse to take responsibility for hosting infected computers on their networks.
Typically, a distributed denial of service attack relies on an attacker remotely controlling numerous and widely distributed computers infected by viruses and Trojans. The attacker uses these ‘botnets’ to send a flood of requests to a website, which is often unable to cope and its servers fail, taking the website offline.
It’s a relatively simple and cheap operation for the attacker. Keith Laslop, President of DDOS mitigation outfit Prolexic told us: ‘I’ve seen them on forums where you can hire bots for next to nothing. Four cents a bot. So you could take down a site very cheaply. You could get enough together for, say, a 50Mbits DDOS attack. You could take someone out with that.’
DOS attacks are also becoming increasingly common. During the first six months of 2006, Symantec observed an average of 6,110 DoS attacks per day.