By Jane Wakefield
BBC News website technology reporter
With the news that student millionaire Alex Tew has been targeted by blackmailers, the thorny issue of how to deal with denial-of-service attacks is back in the headlines.
Alex Tew's website fell victim to a web attack
Mr Tew's Million Dollar homepage, which sells pixels as advertising space, was brought down by a massive distributed denial-of-service attack launched after he refused to pay a $5,000 demand from blackmailers.
His venture is the latest in a long line of websites to fall foul of the net criminals who recruit so-called zombie PCs from around the world and use their net addresses to deluge sites with data.
According to security firm CipherTrust, any high profile website is ripe for this sort of cyber-crime, largely due to the ease with which attacks can be launched.
Net criminals intent on bringing down sites recruit mostly Windows PCs by infecting them with viruses or worms.
They then use the net addresses of these zombie PCs to deluge targeted websites with a huge amount of data, causing the servers to fall over and forcing the website offline.
Middlemen to crime
CipherTrust has been tracking the phenomenon of zombie computers for two years and has seen an alarming rise of nearly 50% in the number of infected machines being recruited over the past six months.
This is largely a result of the Sober virus which hit PCs around the world at the back-end of last year.
It estimates that 250,000 new machines are infected every day.
"China has the most zombie PCs at the moment and the US is regularly number two, with Germany at number three and the UK, with just 3% of infected machines, at number 10," said David Stanley, managing director of CipherTrust.
For firms affected by denial-of-service attacks, there is an important knock-on effect from the sudden rise in zombie PCs.
"It is likely we will see more denial-of-service attacks," said Mr Stanley.
As well as DDoS (distributed denial of service) attacks, zombie PCs are also used by net criminals to launch phishing attacks and send out spam.
For cyber-criminals, a DDoS attack is almost the perfect crime because it is virtually impossible to track down where it originated from.
And they also have the advantage of being able to recruit an army of unsuspecting home users, whose only crime is to pay less attention than they should to computer security.
"The middlemen in these attacks tend to be home users. People are contributing to the problem by the lack of security at home," said Mr Stanley.
People may never realise that their machine has been used in such an attack and their lives as an accessory to a criminal gang is relatively short-living. Mr Stanley estimates the amount of time an infected PC is used for criminal activity is about four days.
For anyone worried that their home computer is being used as a zombie, a key sign is the sudden slowing down of the system.
"If that happens while you are sitting at the machine, unplug it and clean it up," advised Mr Stanley.
Historically, net blackmailers have targeted firms that can ill-afford downtime, such as online betting sites and online payment firms.
Paul Court is director of operations at web hosting firm Globix and, with both betting sites and online payment firms on the books, is used to seeing sophisticated DDoS attacks.
Online betting sites have been regular targets for web attacks
He admits it is a daily fight to keep the criminals at bay. But the problem has been eased by a series of techniques, including using multiple routes for traffic to get to websites and diverting suspect traffic while filters are put in place.
The fact that the targets of the past are wising up to the problem may be one reason that the criminals are now turning their attention to smaller websites.
"Smaller websites tend to have quite basic hosting and these cheaper deals offer little or no protection against denial-of-service attacks," said Mr Court.
It is also difficult to fix the problems retrospectively and rarely comes cheap.
As the internet enters a new era of entrepreneurship, new websites, especially those that hit the headlines, will inevitably be targeted as Mr Tew has found to his cost.
Websites must decide whether to risk being left exposed, or dig deep in their pockets and set up the necessary battlements to protect themselves against such attacks.