![low orbit ion cannon low orbit ion cannon](http://1.bp.blogspot.com/-Nc7E-ehGXCM/Uxc58-lVl9I/AAAAAAAAAFo/OEgZiDZfyuc/w1200-h630-p-k-no-nu/g_919169160_35_jogo_command-and-conquer-3-tiberium-wars-4.jpg)
It therefore needs either to prove that a particular computer was engaged in a DDoS attack, or to catch it in the act. The general consensus, however, is that law enforcement will not automatically get support from the anti-virus industry. Like other security companies, Kaspersky operates ethically and engages with other vendors and law enforcement to help bring down networks that facilitate these type of attacks like for example the recent Hlux/Kelihos botnet.” The implication is that Kaspersky would consider a LOIC-led DDoS attack as just another botnet, and act accordingly. “They are mostly targeted attacks against web servers and as such will normally get under the radar of traditional and cloud based detection systems. “LOIC is normally used in denial of service of service attacks,” security researcher Ram Herkanaidu told Infosecurity. The one potentially dissenting voice came from Kaspersky. “We tell the customers what we find, and in some cases they're quite happy with it.” Since LOIC “can legitimately be used as a network stress tool,” adds Ferguson, “an automatic assumption of guilt would be very wrong.” “No, I don't think we have any responsibility to report the existence of LOIC that we detect on customers' systems to the authorities,” Sophos senior technology consultant Graham Cluley told Infosecurity. We cannot store nor trace IP addresses either.” We create a unique identifier for each computer, and we cannot trace back a computer based on that unique id. Furthermore, we cannot know if the user was using it to perform an attack, and in our case, even though our cloud system communicates with the client system, we cannot identify who that user is. “When it comes to disclosure,” said Ferguson, “most vendors will only give up data to law enforcement regarding their own customers on receipt of the required legal documentation to force them to do so, and that definitely includes Trend.” Corrons agrees, “no vendor will report it to authorities.
![low orbit ion cannon low orbit ion cannon](http://img2.wikia.nocookie.net/__cb20140221012911/infinitywarsatcg/images/2/27/RISE_LOW_ORBIT_ION_CANNON.png)
If cloud-based anti-virus finds malware, and has the facility to report back to the vendor, the question then is whether the vendors have a duty to report that to the authorities. The main danger to the user, of course, is potential detection and subsequent prosecution by the authorities. If detected, it should be detected as a hacking tool, as in some environments the user may want the option to work with it – otherwise it could be considered a false positive.” Running a scan in VirusTotal, he adds, shows that 26 out of 42 scanners detect it, and most of them as a hacking tool. Therefore, it can be detected or not, depending on each vendor. “LOIC is not a malicious file per se,” he told Infosecurity, “it is a tool which can be used for malicious purposes. Luis Corrons, technical director at PandaLabs, takes a similar view. We detect it as a ‘hacker tool’.” Sophos has detected LOIC as a ‘potentially unwanted application’ since 2008. “But since it is manually installed, used voluntarily and very transparent about what it does, it is not strictly malware.
![low orbit ion cannon low orbit ion cannon](https://image.slidesharecdn.com/loworbitioncannon-150416210335-conversion-gate01/95/low-orbit-ion-cannon-1-638.jpg)
“ Trend Micro started detecting it in 2010,” Rik Ferguson, director of security research told Infosecurity. It is LOIC that is detected, not a separate infection within it. LOIC is open-source, which would make it effectively impossible to infect without someone noticing.
#Low orbit ion cannon download
Anti-virus products can detect it, leading some users to believe that the whole concept is a ploy by hackers to use the download to infect their computers. There is some controversy over the potential danger to the user in using LOIC. A single canon doesn’t have enough fire power to harm the target, but LOIC users effectively become a willing partner in a botnet that can be controlled and directed from an activist command server. It does little more than repeatedly send requests to the target web server. LOIC is a simple application that allows users to – illegally, it has to be said – take part in a distributed denial of service attack without needing to be a computer expert. Downloads in Germany, however, are decreasing. “The US, France and Brazil were the respective gold, silver and bronze medalists,” with France rapidly overhauling America. Writing in the Imperva Data Security Blog, Rob Rachwald notes that by 22 April, downloads in 2012 surpassed the total for 2011 – that’s “142 downloads per hour,” he notes.