
Anonymous Members Hit By Zeus Botnet Scam

Members of the hacktivist collective Anonymous have themselves been targeted by attackers, who tricked them into installing Zeus botnet code on their systems, according to Symantec.

In a report last week Symantec described how attackers directed Anonymous members toward code that had been Trojanised with Zeus client software. Users who believed they were voluntarily joining an Anonymous botnet in order to support the group’s denial-of-service attacks also joined the Zeus botnet.

Zeus botnet

“Anonymous supporters have been deceived into installing Zeus botnet clients purportedly for the purpose of DoS attacks,” Symantec stated. “The Zeus client does perform DoS attacks, but it doesn’t stop there. It also steals the users’ online banking credentials, webmail credentials, and cookies.”

Ironically, the incident meant that Anonymous’ supporters were themselves exposed to danger, the report found.

“Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen,” Symantec said in the report. “The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world.”

The attack began on 20 January, when a guide posted on PasteBin for the use of Anonymous members was modified to include a link to the Trojanised code.

Users who thought they were downloading Slowloris, a denial-of-service attack tool, received a version of the tool with a Zeus client concealed within.

Link spreads

A second Anonymous guide on PasteBin was also modified to include a link to the Trojanised code, Symantec said.

Since January, the security company found, the Trojanised link has spread quickly through the Anonymous community, with more than 26,000 views of the PasteBin page and 400 tweets referring to the post.

However, Anonymous members themselves have responded that in some cases those tweets were warning of the compromised link rather than recommending it.

“Dear @Symantec – @YourAnonNews NEVER posted the DDOS hijacker nor did we attempt to trick people; instead we WARNED of it,” a user on the Twitter feed YourAnonNews wrote following the Symantec report.

“This post from @Symantec about @YourAnonNews’s spreading the DDOS hijacking trojan is wrong & libelous to say the least,” another user wrote on the same Twitter feed.

Arrests

Last month, law enforcement officers working in Spain, Argentina, Chile and Colombia arrested 25 individuals believed to be connected with Anonymous. The international ‘Operation Unmask’ was launched by Interpol in February following attacks on Chile’s Endesa electricity company, its National Library, and Colombia’s Ministry of Defence and presidential sites, among others.

Earlier in February a number of Greek government websites were taken down by the collective in solidarity with the Greek protesters who oppose the government’s austerity measures. Among the sites to be attacked were those of the Greek prime minister, the national police and the Ministry of Finance.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.

Comments

  • So it is alright for a major security company to distribute malware. Is that not against the law? I look forward to Symantec being taken to court - surely they will! Seems the rumours that security companies are the biggest distributors of malware seem to have some truth - despite my previous disbelief at those rumours.
