Sunday, March 20, 2011

Anonymous DDoS Tool Gets Botnet Capabilities

by Lucian Constantin,
September 27th 2010 5:14 AM

A revamped version of the Low Orbit Ion Cannon (LOIC) tool used in mass Distributed Denial of Service (DDoS) attacks, allows users to function let it function as a botnet client.

LOIC is the primary weapon used by Anonymous in its ongoing "Operation Payback" DDoS campaign against film and recording industry associations, as well as other organizations involved in anti-piracy efforts.

The application was originally created by a user named Praetox and was used in several mass attacks over the years, including Anonymous' campaigns against the Church of Scientology or the Australian government or the Iranian election protests last year.

In January 2009 the code of the Windows program was released on SourceForge as an open source project and a cross-platform Java version was later created.

But four days ago, another developer branched off the code and added a new feature called "Hive Mind" to the tool.

This feature allows users to relinquish control over the application after installation and makes it act as a botnet client, which can be controlled from an IRC channel.

"HIVE MIND mode will connect your client to an IRC server so it can be controlled remotely. Think of it like a voluntary botnet," the creator explains.

The new LOIC was released four days ago and works on both Windows and Linux. The latest version requires .NET Framework 3.5 on Windows and the MONO open source framework on Linux.

The new variant also supports a command line switch, which allows it to run in the background with the user interface hidden.

This feature is not malicious by design, but it can theoretically be abused to run the program on someone else's computer without their knowledge, especially since no antivirus blocks it.

It's worth mentioning that LOIC is not the first so called "voluntary botnet" application. During the DDoS attacks, which accompanied the conflict in Gaza last year, Israel's supporters released a similar tool.

