Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is low orbit ion canon a virus?


  • Please log in to reply
9 replies to this topic

#1 BottledDragon

BottledDragon

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 13 July 2016 - 04:08 PM

I recently download low orbit ion canon to stress test a server that I own. When i scanned it on virustotal, lots of scanners say its a virus. Is it a virus or is it just because its a stress tester for servers?

 

The virustotal scan:

https://www.virustotal.com/en/file/b6d6e0d1dce867836a684a0af278e46ed4a50be49a784ab7bfcb3ed59841c9d0/analysis/



BC AdBot (Login to Remove)

 


#2 Viper_Security

Viper_Security

  • Members
  • 821 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:12:54 PM

Posted 13 July 2016 - 04:28 PM

"stress testing" is another way of saying DDOS,

 

it's not for servers, it was made to DDOS (Distributed Denial of Service Attack)

 

it shouldn't be a virus. it's a false positive.

 

I'm curious as to why you are using a windows based tool (with known vulnerabilities) instead of the legit linux ones if you are in fact "stress testing your own server"


Edited by Viper_Security, 13 July 2016 - 04:29 PM.

    IT Auditor & Security Professional

hQBT2G3.png


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:54 PM

Posted 13 July 2016 - 04:42 PM

A majority of the detections point to it being a Hack Tool....typically a program, crack, or keygen used by hackers for activating/installing pirated software or to gain access to a computer without authorization.However, some administrative tools may be detected as Risk Tool, or Hacking tool because they have the potential of being misued by others. Such a detection could also occur for a variety of other reasons to include a program's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. Since these detections do not necessarily mean the file is malicious or a bad program, in some cases the detection may be a "false positive".

As noted above by Viper_Security

Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#.

About Low Orbit Ion Cannon
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Ethan_PCG

Ethan_PCG

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:08:54 PM

Posted 14 July 2016 - 08:30 AM

LOIC isn't a virus. If you are downloading LOIC when anti virus is on the anti virus will detect it as hacking software. Most people turn off antivirus when they are downloading LOIC. 

 

I haven't downloaded LOIC myself if you're wondering.


"I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone."
- Bjarne Stroustrup
 
 
 

#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,607 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 PM

Posted 14 July 2016 - 10:56 AM

Also just so you know, LOIC is a DoS tool, since it only uses your own connection. When LOIC was used for DDoS attacks, it's because multiple users around the world each launched LOIC on their system to target a specific one, which made this a DDoS attack. Also, LOIC is pretty much what we would call a "script kiddie" (skid) tool for wannabe hackers, same thing for HOIC. If you really want to stress test your server, I suggest you to look at more appropriate, "professional" options.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Viper_Security

Viper_Security

  • Members
  • 821 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:12:54 PM

Posted 14 July 2016 - 11:25 AM

Also just so you know, LOIC is a DoS tool, since it only uses your own connection. When LOIC was used for DDoS attacks, it's because multiple users around the world each launched LOIC on their system to target a specific one, which made this a DDoS attack. Also, LOIC is pretty much what we would call a "script kiddie" (skid) tool for wannabe hackers, same thing for HOIC. If you really want to stress test your server, I suggest you to look at more appropriate, "professional" options.

Agreed, i use ****g3 for mine, SOOOO many more options, even from command line.

 

Name of program is in asterisks because im not sure if people will use in the wrong way (linux only)


    IT Auditor & Security Professional

hQBT2G3.png


#7 Ethan_PCG

Ethan_PCG

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:08:54 PM

Posted 14 July 2016 - 12:15 PM

DoS= 1 Computer

 

DDoS = Multiple computers 

 

Correct? 


"I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone."
- Bjarne Stroustrup
 
 
 

#8 Viper_Security

Viper_Security

  • Members
  • 821 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:12:54 PM

Posted 14 July 2016 - 12:28 PM

DoS= 1 Computer

 

DDoS = Multiple computers 

 

Correct? 

Kind of,

 

The DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource.

The DDoS attack uses multiple computers and Internet connections to flood the targeted resource.

 

 

Then there is a TearDrop Attack, which is like dos/ddos but the packets multiply themselves.


Edited by Viper_Security, 14 July 2016 - 12:29 PM.

    IT Auditor & Security Professional

hQBT2G3.png


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:54 PM

Posted 14 July 2016 - 03:07 PM


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 16 July 2016 - 03:59 PM

Is that server on the Internet?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users