In a Denial-of-Service (DoS) attack, an attacker bombards a victim network or server with a large volume of message traffic. The traffic overload consumes the victim's available bandwidth, CPU capacity, or other critical system resources, and eventually brings the victim to a situation in which it is unable to serve its legitimate clients. Distributed DoS (DDoS) attacks can be even more damaging, as they involve creating artificial network traffic from multiple sources simultaneously.
In order to launch an, effective DDoS attack, an attacker typically attempts to control a large number of servers on the Internet. One approach to gaining such control is to use “worms,” which are malicious programs that self-replicate across the Internet by exploiting security flaws in widely-used services. Worm infections are often invisible to the user of an infected computer, and the worm may copy itself to other computers independently of any action taken by the computer user. After taking control of a computer, the worm often uses the computer to participate in a DDoS attack, without any knowing collaboration on the part of the computer user. Infected computers that participate in this sort of mass malicious activity are referred to herein as “zombies.”
The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which: