Thousands of compromised machines are attempting to make fake purchases from an online store. Which of the following is taking place?

A brute-force attack involves systematically trying all possible combinations of passwords or encryption keys until the correct one is found. This method is typically aimed at gaining unauthorized access to a system or account, rather than overwhelming a service with requests, making it irrelevant to the scenario described.

Spoofing refers to disguising a communication from an unknown source as being from a known, trusted source. While it can be a component of some attacks, it does not encompass the action of multiple machines making fake purchases to overload an online store. Spoofing is more about deception than the sheer volume of requests being sent.

SQL Injection is a technique used to exploit vulnerabilities in a web application's database layer by injecting malicious SQL code. While it can lead to unauthorized data access or manipulation, it does not involve multiple machines making simultaneous requests, which is central to the scenario presented.