Anonymous' supporters tricked into installing Zeus
Posted on 02.03.2012
Anonymous supporters that joined Operation Megaupload got more than they bargained for when they downloaded what they believed was the Slowloris DoS tool from a Pastebin post.

Mere hours after the Megaupload raid and the arrest of its operators, an unknown individual copied and pasted a original Anonymous Pastebin entry offering the actual tool and replaced the download link with a Trojanized version.

"Later that same day, a separate Anonymous DoS guide was posted on Pastebin which included links to various DoS tools. Slowloris was included in this list of tools—the Trojanized version copied from the modified guide," Symantec researchers pointed out.

This last post went viral among Anonymous supporters (click on the screenshot to enlarge it):


And a link to the guide is still being reposted regularly on Twitter.

Once downloaded, installed and run, the Trojanized Slowloris version drops the Zeus botnet client and begins collecting and sending credentials and cookies to the crook's C&C server. In addition to all this, the botnet orders the Slowloris tool on the infected user's computer to attack Anonymous targets, and the illusion is complete.

The user is now doubly endangered. "Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen," the researchers say.

Speculating on whether a "high-rank" Anonymous member is behind the scheme seems impossible given the nature of the hacker group.






Spotlight

(IN)SECURE Magazine issue 43 released!

Posted on 16 September 2014.  |  (IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. This issue covers web application security, mobile hacking, certification, Black Hat, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Sep 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //