The Security Breach
"Nothing more than the whim of a 13-year-old hacker is required to knock any user, site, or server right off the Internet," says Steve Gibson, founder and president of Gibson Research Labs.
As the GRC.COM attack showed, DoS attacks are initiated by breaking into hundreds or thousands of machines all over the Internet and then installing DoS software on the machines. This allows the malicious attacker to control all these machines to launch coordinated attacks on a network service or individual web site. These attacks can exhaust bandwidth, fill disk space, or overload router processing capacity, CPU capacity, or network stack resources. These attacks can also break a victim's connection to a network or cripple the ability of their computers to communicate or even function.
Here's how it's done.
Through email attachments or visits to a web site, an attacker installs an innocent-looking download. The download is a particular kind of Trojan horse that turns the host into a zombie after compromising the PC. The Trojan horse grants the attacker who is controlling the zombie (better known as the zombie-master) absolute control over his victim's machine. Using that machine and hundreds of others infected with the Trojan horse, the attacker can disguise his true identity and launch a DoS across the Internet toward an unsuspecting server.
But there's a more insidious side to these zombies. In addition to controlling a machine for DoS attacks, the Trojan enables the zombie-master to monitor every keystroke on that machine for the purpose of capturing online passwords, credit card numbers, e-banking passwords, and so on. Any user with a zombie on his or her machine might as well have the attacker standing right there, watching every move of the user on the computer.