Anonymous' supporters tricked into installing Zeus
Posted on 02.03.2012
Anonymous supporters that joined Operation Megaupload got more than they bargained for when they downloaded what they believed was the Slowloris DoS tool from a Pastebin post.

Mere hours after the Megaupload raid and the arrest of its operators, an unknown individual copied and pasted a original Anonymous Pastebin entry offering the actual tool and replaced the download link with a Trojanized version.

"Later that same day, a separate Anonymous DoS guide was posted on Pastebin which included links to various DoS tools. Slowloris was included in this list of tools—the Trojanized version copied from the modified guide," Symantec researchers pointed out.

This last post went viral among Anonymous supporters (click on the screenshot to enlarge it):

And a link to the guide is still being reposted regularly on Twitter.

Once downloaded, installed and run, the Trojanized Slowloris version drops the Zeus botnet client and begins collecting and sending credentials and cookies to the crook's C&C server. In addition to all this, the botnet orders the Slowloris tool on the infected user's computer to attack Anonymous targets, and the illusion is complete.

The user is now doubly endangered. "Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen," the researchers say.

Speculating on whether a "high-rank" Anonymous member is behind the scheme seems impossible given the nature of the hacker group.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st