Anonymous' supporters tricked into installing Zeus
Posted on 02.03.2012
Anonymous supporters that joined Operation Megaupload got more than they bargained for when they downloaded what they believed was the Slowloris DoS tool from a Pastebin post.

Mere hours after the Megaupload raid and the arrest of its operators, an unknown individual copied and pasted a original Anonymous Pastebin entry offering the actual tool and replaced the download link with a Trojanized version.

"Later that same day, a separate Anonymous DoS guide was posted on Pastebin which included links to various DoS tools. Slowloris was included in this list of tools—the Trojanized version copied from the modified guide," Symantec researchers pointed out.

This last post went viral among Anonymous supporters (click on the screenshot to enlarge it):


And a link to the guide is still being reposted regularly on Twitter.

Once downloaded, installed and run, the Trojanized Slowloris version drops the Zeus botnet client and begins collecting and sending credentials and cookies to the crook's C&C server. In addition to all this, the botnet orders the Slowloris tool on the infected user's computer to attack Anonymous targets, and the illusion is complete.

The user is now doubly endangered. "Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen," the researchers say.

Speculating on whether a "high-rank" Anonymous member is behind the scheme seems impossible given the nature of the hacker group.






Spotlight

The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //