Online LOIC (mobile LOIC) is flexible because it can run on various browsers and be accessed remotely. Typically, attack organizers post a URL for the website hosting the page and invite others to use the tool to attack the specified target. Since only a web browser is required, an attacker can use a smartphone to generate an attack.
Offering extremely simple operation, Online LOIC has only three configuration parameters:
- Target URL - the URL of the attacked target. Must start with http://
- Requests per second - the number of desired requests to be sent per second
- Append message - the content for the message parameter to be sent within the URL of HTTP requests
- Consisting of simple 100 lines of code that execute web requests in a loop. It is possible to append text with an appropriately revolutionary message.
Recently, a new variant of this DDoS tool was detected, which incorporates several techniques to bypass detection and provide greater redundancy. These include:
- Removal of a message field that existed in the original version and had its value included in the attack packets themselves. This is most likely in order to try and avoid signature based protections.
- Links from each attack page to up to 4 mirror attack pages hosted on other servers in order to quickly reference users and allow the attack campaign to continue even if one or more of the mobile LOIC nodes are taken down.
- Additionally, several "cosmetic" functionalities were also added such as listing the number of current attackers using the tool, and reflecting the current client IP detected by the tool which may prove useful when trying to avoid attacks using an attackers real IP address.