Distributed-denial-of-service (DDoS) attacks have become a favorite weapon of hacktivists in the past several years, and especially recently. But while such attacks are typically launched from an army of PCs, researchers at McAfee have found a new app for Android that ports the infamous low orbit ion cannon (LOIC) tool over to mobile devices.
LOIC works by sending a large amount of TCP/UDP packets to a specific URL, explained Carlos Castillo, a malware researcher with McAfee. Besides the new Android version, the tool has also been ported to JavaScript to perform a denial-of-service directly from the browser. Porting the tool over to Android was made easy by the fact that it was generated using a free online service that creates Android apps with just a URL, HTML code or document file, Castillo blogged.
"In this case, the attack was created with only the URL of a specific pastehtml website that has a JavasScript version of LOIC to perform a DoS attack against the Argentinian government," he wrote. "The attack is part of the operation, run by an Anonymous cell in South America."
"When it is executed, a WebView component shows the contents of the URL, which is basically an HTML web page with a JavaScript that sends 1,000 HTTP requests with the message "We are LEGION!" as one of the parameters," he added.
‘We are LEGION’ is a common slogan used by members of Anonymous.
Recently, application delivery and security provider Radware released a report that noted that while large DDoS attacks often get the most publicity, many organizations are victimized by less intensive attacks that do plenty of damage. For example, the company found 76 percent of the attacks it analyzed from 2011 were less than 1Gbps in bandwidth, and 32 percent were less than 10 Gbps. Just nine percent of the attacks were more than 10 Gbps in bandwidth.
"Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools," Castillo wrote. "Because the application’s purpose is simply to display any website on an Android system, we classify this hack tool a potentially unwanted program (PUP). If you have enabled PUP detection (our default setting), then McAfee Mobile Security for Android will detect this tool as Android/DIYDoS."
LOIC works by sending a large amount of TCP/UDP packets to a specific URL, explained Carlos Castillo, a malware researcher with McAfee. Besides the new Android version, the tool has also been ported to JavaScript to perform a denial-of-service directly from the browser. Porting the tool over to Android was made easy by the fact that it was generated using a free online service that creates Android apps with just a URL, HTML code or document file, Castillo blogged.
"In this case, the attack was created with only the URL of a specific pastehtml website that has a JavasScript version of LOIC to perform a DoS attack against the Argentinian government," he wrote. "The attack is part of the operation, run by an Anonymous cell in South America."
"When it is executed, a WebView component shows the contents of the URL, which is basically an HTML web page with a JavaScript that sends 1,000 HTTP requests with the message "We are LEGION!" as one of the parameters," he added.
‘We are LEGION’ is a common slogan used by members of Anonymous.
Recently, application delivery and security provider Radware released a report that noted that while large DDoS attacks often get the most publicity, many organizations are victimized by less intensive attacks that do plenty of damage. For example, the company found 76 percent of the attacks it analyzed from 2011 were less than 1Gbps in bandwidth, and 32 percent were less than 10 Gbps. Just nine percent of the attacks were more than 10 Gbps in bandwidth.
"Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools," Castillo wrote. "Because the application’s purpose is simply to display any website on an Android system, we classify this hack tool a potentially unwanted program (PUP). If you have enabled PUP detection (our default setting), then McAfee Mobile Security for Android will detect this tool as Android/DIYDoS."
