Anonymous' supporters tricked into installing Zeus
Posted on 02.03.2012
Anonymous supporters that joined Operation Megaupload got more than they bargained for when they downloaded what they believed was the Slowloris DoS tool from a Pastebin post.

Mere hours after the Megaupload raid and the arrest of its operators, an unknown individual copied and pasted a original Anonymous Pastebin entry offering the actual tool and replaced the download link with a Trojanized version.

"Later that same day, a separate Anonymous DoS guide was posted on Pastebin which included links to various DoS tools. Slowloris was included in this list of tools—the Trojanized version copied from the modified guide," Symantec researchers pointed out.

This last post went viral among Anonymous supporters (click on the screenshot to enlarge it):

And a link to the guide is still being reposted regularly on Twitter.

Once downloaded, installed and run, the Trojanized Slowloris version drops the Zeus botnet client and begins collecting and sending credentials and cookies to the crook's C&C server. In addition to all this, the botnet orders the Slowloris tool on the infected user's computer to attack Anonymous targets, and the illusion is complete.

The user is now doubly endangered. "Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen," the researchers say.

Speculating on whether a "high-rank" Anonymous member is behind the scheme seems impossible given the nature of the hacker group.


Infographic: 25 years of the firewall

Posted on 24 July 2014.  |  The firewall turned 25, and McAfee is celebrating with an infographic that creatively depicts its lifetime. If you take a moment to scan the infographic, you’ll notice the firewall's introduction and evolution coincide with certain security events.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Jul 25th