
Prevent the threat of the Low Orbit Ion Cannon tool, Web-based malware

When Anonymous recently coordinated DDoS attacks against multiple websites, including the site for the U.S. Department of Justice, the collective picked up some unwitting accomplices simply by getting them to click on an innocent-looking Web link, which triggered the Low Orbit Ion Cannon tool to attack designated targets.  Is this likely to be a trend going forward, and is there an effective technology or other solution that can prevent users from being compromised in this way?


Ask the expert!

Do you have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)

Using innocent-looking Web links to trigger the installation of malware is a common tactic for attacking client computers. Anonymous used this tactic to advance one of its goals: the disruption of several websites.

Web links of this sort may appear innocent, but they rely on social engineering to convince users to click on what are potentially malicious links. Users are fortunate that only the Low Orbit Ion Cannon tool was triggered and that Anonymous hadn't installed more malicious software. In March 2012, Symantec Corp. blogged about how Anonymous supporters were tricked into installing the Zeus malware, which could have more dire consequences for affected users. The Low Orbit Ion Cannon tool has a local executable version and a Web-based JavaScript version, both of which can be easily triggered via Web links.

In previous Ask the Expert editions, I've covered how to protect users from being compromised by Web-based malware, and the same steps can be taken to help prevent enterprise users from unknowingly running the Low Orbit Ion Cannon tool. To help users avoid knowingly using the Low Orbit Ion Cannon tool, enterprises can use a security awareness message to remind them that tools like this can be traced back to the systems involved in the attack. An enterprise can also monitor the network for traffic that matches the Low Orbit Ion Cannon, alert on or block that specific traffic, and then remediate the systems involved. To completely prevent systems from participating in an outgoing attack using the Low Orbit Ion Cannon or similar tools, the outgoing connections on a network can be blocked, but this could also block legitimate connections.
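One way to implement the network monitoring described above, as an added example that is not from the original article: a rate check over egress proxy or flow logs that flags an internal host sending an unusually high number of requests to a single destination. The log format, window, threshold and sample data are assumptions constructed for illustration; this is volume-based detection, not a signature for the Low Orbit Ion Cannon.

```python
"""Flag internal hosts that flood one destination with requests."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
MAX_REQUESTS = 200    # assumed ceiling for normal browsing to one destination


def parse_line(line):
    """Parse 'epoch_seconds src_ip dst_host'; return None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return float(parts[0]), parts[1], parts[2]
    except ValueError:
        return None


def find_flooding_hosts(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {(src, dst): peak_count} for every pair that exceeds `limit`
    requests inside any `window`-second span. Assumes each pair's lines
    appear in time order, as in an append-only log."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip truncated or garbled entries
        ts, src, dst = rec
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop requests older than the window
        if len(q) > limit:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(q))
    return peaks


def build_sample_log():
    """Constructed data: one flooding workstation, one normal user, one bad line."""
    flood = [f"{1000 + i / 50:.2f} 10.0.0.23 target.example" for i in range(600)]
    normal = [f"{1000 + i * 3:.2f} 10.0.0.7 news.example" for i in range(40)]
    return flood + normal + ["truncated-entry"]


if __name__ == "__main__":
    for (src, dst), peak in find_flooding_hosts(build_sample_log()).items():
        print(f"ALERT {src} -> {dst}: {peak} requests in {WINDOW_SECONDS}s")
```

Flagged hosts are candidates for the remediation step; the threshold needs tuning against a site's own baseline so that legitimate high-volume clients are not blocked.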

This was first published in August 2012
