Yeah, that's what I found too. I think you beat my edit by a few seconds. :-)
It looks like several versions have been written, but they're probably all based on the same basic concept. The "Javascript" version that people were referring to is probably the screenshot you posted, which would be trivial to launch with a few Ajax requests.
I will point my finger and laaaaaugh if this manages to take down any Wall Street websites.
Since they have a lot of members, bringing down a website is still possible (even if they simply click refresh continuously).
Now, about the tool, assuming they are really smart (they aren't) they would make a bookmarklet which would have to be clicked while Wall Street website is open. This would allow all kinds of things to be done, including Ajax requests.
If #refref tool is hosted on another domain, same-origin policy would prevent Ajax from happening. Most likely, in that case they are simply creating a bunch of IFRAMEs and refreshing them with javascript.
> ...same-origin policy would prevent Ajax from happening.
Actually, it doesn't! I decided to try this out for myself a while back. You can get or post a request to any resource at another domain, you just don't get to see the contents of the results. But the request itself works just fine, and you'll even still get to know when the request is complete.
It looks like several versions have been written, but they're probably all based on the same basic concept. The "Javascript" version that people were referring to is probably the screenshot you posted, which would be trivial to launch with a few Ajax requests.
I will point my finger and laaaaaugh if this manages to take down any Wall Street websites.