How the assaults work, and how to fight them

Investigators are piecing together details about one of the most aggressive computer attacks in recent memory — a powerful "denial-of-service" assault that overwhelmed computers at U.S. and South Korean government agencies, companies and institutions, in some cases for days.

How does this type of cyberattack work? And how can people make sure their computers are safe?

Here are some questions and answers about the attack.

Q: What is a "denial-of-service" attack?

A: Think about what would happen if you and all your friends called the same restaurant over and over and ordered things you didn't even really want. You'd jam the phone lines and overwhelm the kitchen to the point that it couldn't take any more new orders.

That's what happens to Web sites when criminals hit them with denial-of-service attacks. They're knocked offline by too many junk requests from computers controlled by the attackers.

The bad guys' main weapons in such an attack are "botnets," or networks of "zombie" personal computers they've infected with a virus.

The virus lets the criminals remotely control innocent people's machines, which are programmed to contact certain Web sites over and over until that overwhelms the servers that host the sites. The servers become too busy to respond to anything, and the Web site slows or stops working altogether.

Q: How often do these attacks happen?

A: People try denial-of-service attacks all the time — many government and private sites report being hit every day. Often the assaults are unsuccessful, because Web sites have ways of identifying and intercepting malicious traffic. However, sites really want to avoid blocking legitimate Web users, so more often than not, Internet traffic is let through until a problem is spotted.

Denial-of-service attacks are noisy by design and they intend to make a statement.

Often the attacks take a site out for a few hours, before Web-site administrators can respond. What made the most recent attack notable is that it was widespread and went on for a while, beginning over the Fourth of July holiday weekend and running into this week. It's not yet clear how the attack was able to last that long.

Q: Some organizations appear to have fended off these recent attacks, while other Web sites went down. How can this be?

A: The sites that went down probably were less prepared, because they are less accustomed to being hit or aren't sensitive enough to warrant extra precautions.

Popular Web sites, like e-commerce and banking sites, have a lot of experience dealing with denial-of-service attacks, and they have sophisticated software designed to identify malicious traffic. Often that's done by flagging suspicious traffic flowing into the site, and if there's enough of it, preventing it from ever reaching the site's servers.

Another approach is to flag suspicious individual machines that seem to be behind an attack, and ban any traffic from them from reaching the site.

Q: If these attacks make use of compromised computers corralled into a "botnet," should I be worried about whether my PC is one of them? What could I do to prevent it or fix it?

A: If your computer is being used in a denial-of-service attack, you're likely to see a significant slowdown, because your processing power is being siphoned for the assault. But there aren't always obvious signs that your computer has been infected.

So the best thing is to focus on prevention, namely by having up-to-date anti-virus software. In particular, make sure your anti-virus software gets updated over the next few days.