Anonymous Tricked Into Downloading Trojan

    March 2, 2012
    Zach Walton

Anonymous may be best known for their DDoS attacks on company and government Web sites. It turns out, however, that those DDoS attacks may not have been all that safe for the Anon members participating.

The Symantec blog recently detailed how Anonymous members were tricked into downloading a Trojan-infected version of Anonymous’ DDoS tool, the Low Orbit Ion Cannon. The Zeus botnet client that users downloaded steals their online banking and email credentials, along with their cookies.

The infection deception apparently began on the day MegaUpload was taken down by the authorities. This is when Anonymous jumped into action and began #OpMegaUpload. There were reports then that users were tricked into launching DDoS attacks against their will.

The Trojan was a bit different, however, in that somebody switched out a link in a DDoS attack guide posted on PasteBin. The first link was to Mediafire, but a second post on the day of #OpMegaUpload led to a multiupload file that featured a larger client that contained the virus.


It began to spread from there, with another user guide to DDoS including a link to the Trojan-infected version of the DDoS tool Slowloris.

What followed was a social media spread that saw 470 tweets all linking to the infected tool. There were probably many more people sharing the two guides containing the infected tool beyond just what was seen on Twitter.

When Anonymous members downloaded the Slowloris tool, they became infected with the Zeus botnet Trojan. The virus sticks to its profession as a Trojan by pretending to be the Slowloris tool. While it does perform the DDoS attack as expected, it also, as explained above, sends the user's financial banking credentials to the operator of the botnet.

Symantec, while reiterating that DDoS attacks are illegal, says they aren’t the only threat anymore.

The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world.

Anonymous is now aware of the trojan and is urging its members to exercise caution.

http://t.co/hT56i69o | #Anonymous supporters tricked into installing Zeus trojan | This MUSTN’T happen. Be careful what you post & click on!

  • http://www.securemecca.com Henry Hertz Hobbit

    So now we have hundreds of anonymous members with infected machines that cannot say anything about having their money stolen. Maybe they won’t even be aware of it until they have their OS disabled as the hacker leaves with their money. My dilemma is different than anonymous. Shall I block bit.ly or not? Maybe that run through the bit.ly tracker to download AdBlock for the Chrome browser needs the block just relaxed momentarily or maybe they don’t need AdBlock. I noticed a lot of bit.ly links to the malware here as in the past. The hackers have been hacked.
