This is a typical case of a well-known exploit making it to some reporter's attention and then getting pushed as a end-of-the-world scenario.
Yep, it's easy to do (won't go into details here script-kiddies)
No, it's not that severe a problem (you can block packets/notify the gameservers ISP to shut it off)
And it's not the only way to run (D)DOS attacks, there are much more subtle methods
AFAIK, AH sends MUCH less data on querys, so it's more a problem with Quake/BF1942 servers that post way more data than the query to the server has.
