One: Do you need KeepAlive? If not, then simply turn it off.
Two: Is your KeepAlive timeout set too high? Try lowering it to 5 seconds as KeepAlive is really only needed to the current connection to quickly get all its content. No sense in leaving it open once they finish loading.
Three: Is your KeepAlive max requests set too high? A value around 100 is good for most pages and will prevent a host from keeping a KeepAlive session open indefinitely.
If this is a DOS, as you suggested it may be, check out mod_evasive. This can be used to rate-limit incoming connections to Apache and issuing blocks on IP's it determines to be flooding your server (outputs 403 Forbidden errors for a set length of time).
It could be that someone has hotlinked the image from a 3rd party site - e.g. using it as a forum avatar. Therefore, since it is only file hit on your server, it will always be the one shown in normaly keep alive requests.
Apart from the above suggestions, if you don't want hotlinking on your server, you can add rules to mod_rewrite to prevent it.