Low Orbit Ion Canon DDoS tool still going strong

The Low Orbit Ion Canon (LOIC) ‘do it yourself’ DDoS tool recently surpassed its download numbers for the whole of 2011 at a rate of nearly 3,500 per day, security firm Imperva has reported.

By 22 April LOIC matched last year’s 381,976 total downloads, and is now set to be downloaded well over a million times in 2012 at the current rate.

As in 2011, the US remains the major LOIC download hotspot with 73,000 downloads, followed this year by France, Brazil, the Ukraine and Poland in that order.

The UK has fallen from fifth place with 16,734 downloads in 2011 to eighth position so far in 2012 – with 12,392 downloads in only 112 days, however, the UK will still easily surpass last year’s total.

The continued popularity of LOIC as a download is all the more surprising given that it can also be launched as a Java tool from a website without the need to run a dedicated app. This method remains far less efficient but is just as susceptible to being traced by IP address.

One possibility is that LOIC is now being downloaded to attack web targets not likely to complain to the authorities, such as the unpopular governments of Syria or Iran.

The fashion for home DDoS has been exploited on at least one occasion by cybercriminals. Earlier this year, in the aftermath of the arrest of Megaupload founder Kim Schmitz, someone altered the Pastebin download link for the Slowloris DDoS tool to point to an online banking Trojan.

Thousands of people might have thought they were downloading a mighty tool for humbling ‘the man’ in revenge for Schmitz’s incarceration when they were actually installing a keylogger.