Regardless of the DDoS attack tools used, the ability to launch an attack from hundreds, thousands, or millions of computers significantly amplifies that attack's potential to cause denial of service, which is why botnets are so commonly used as DDoS attack tools. Botnets are large collections of compromised computers, often referred to as “zombies,” that are infected with malware that allows an attacker to control them. Botnet owners, or “herders,” can control the machines in the botnet using a covert channel, such as IRC, issuing commands to perform malicious activities such as DDoS attacks, distribution of spam mail, and information theft.
Many botnet owners have attempted to scale down their networks to avoid detection. However, some larger, more advanced botnets (BredoLab, Conficker, TDL-4, and Zeus, for example) have been estimated to contain millions of machines. Large botnets can often be rented for as little as $100 per day. (One online forum ad offered the use of a botnet with 80,000 to 120,000 infected hosts for $200 per day.)