How Distributed Denial of Service ‘DDoS’ attack works

Often it starts with a criminal's plan to build a botnet. This malicious person goes to an underground marketplace and buys a piece of malware: a bot and the control server software. In addition, he/she might even be able to buy an initial distribution of the bot by paying somebody to infect a webpage (which might be unpatched, have a weak password, or be otherwise unsecured), or through any other distribution channel for malware you might know of (e.g. social engineering).

Now the criminal is ready to go. He/she might own a certain number of infected PCs, called zombies, and can now offer his/her “services” on the same online black market he/she initially purchased the malware from, where the “customers” are spammers, phishers, blackmailers or other criminals.

Here you see the reason why we leverage our Malicious Software Removal Tool to go after the largest botnets. It is all about protecting the ecosystem.

So I could basically rent a botnet to flood a web server with any kind of junk in order to take it offline – this is called a Distributed Denial of Service attack. I often compare this with spam – not for your Inbox but for your web server. The server is still up and running, but it is kept busy sorting junk from legitimate traffic.
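As an added illustration (not part of the original post) of why the "distributed" part matters to the defender: in the constructed web-server log below every zombie stays under a per-IP rate limit, so blocking individual sources would not help, and only the aggregate request rate reveals the flood. Log lines, IP addresses and thresholds are all made up for the demo.

```python
# Added example: classify web-server traffic by per-source and aggregate rate.
# Log format, addresses and thresholds are constructed, not from the post.
from collections import Counter
from datetime import datetime, timedelta

LOG_TIME = "%d/%b/%Y:%H:%M:%S"

def make_log(sources, per_source, span_s):
    """Constructed sample log: each source sends per_source requests, spread over span_s seconds."""
    base = datetime(2009, 7, 8, 12, 0, 0)
    total = len(sources) * per_source
    lines = []
    for n in range(total):
        ip = sources[n // per_source]
        ts = base + timedelta(seconds=int(n * span_s / total))
        lines.append(f'{ip} - - [{ts.strftime(LOG_TIME)} +0000] "GET / HTTP/1.1" 200 512')
    return lines

def parse_line(line):
    """Return (source_ip, timestamp) from one common-log-style line."""
    ip, _, rest = line.partition(" - - [")
    stamp = rest.split("]", 1)[0].split(" ")[0]  # drop the timezone offset
    return ip, datetime.strptime(stamp, LOG_TIME)

def classify(lines, per_ip_limit=1.0, aggregate_limit=10.0):
    """Rates are requests/second over the span covered by the lines."""
    hits = Counter()
    stamps = []
    for line in lines:
        ip, ts = parse_line(line)
        hits[ip] += 1
        stamps.append(ts)
    span = max((max(stamps) - min(stamps)).total_seconds(), 1.0)
    total_rps = sum(hits.values()) / span
    peak_ip_rps = max(hits.values()) / span
    if peak_ip_rps > per_ip_limit:
        verdict = "single-source flood"   # a per-IP limit would catch this
    elif total_rps > aggregate_limit:
        verdict = "distributed flood"     # per-IP limits do not help here
    else:
        verdict = "normal"
    return {"sources": len(hits), "total_rps": total_rps,
            "peak_ip_rps": peak_ip_rps, "verdict": verdict}

# Constructed traffic samples: 60 zombies sending 2 requests each, one noisy
# client sending 30, and three ordinary visitors, all within ~10 seconds.
DISTRIBUTED = make_log([f"10.0.0.{i + 1}" for i in range(60)], 2, 10)
SINGLE = make_log(["10.0.1.1"], 30, 10)
NORMAL = make_log(["10.0.2.1", "10.0.2.2", "10.0.2.3"], 2, 10)
```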

There are often different motivations behind this:

  • Remember the times of Al Capone, when criminals attacked shops and then offered them a service to protect them? The same can happen here: a criminal runs a DDoS against your website and takes it down for a few minutes. Then he lets it come up again and tells you that he can protect you from these attacks – I would call this blackmail.
  • We often see such attacks with a political background. You see a conflict happening somewhere and one party (or both) is trying to take down the website of the other.
  • Sometimes it is more of an “I do not like you” background. Microsoft has been attacked as well from time to time…

If you need help with protection against Distributed Denial of Service ‘DDoS’ attacks, click here.

Source: http://blogs.technet.com/b/rhalbheer/archive/2009/07/08/distributed-denial-of-service-and-how-it-works.aspx