ANONYMOUS Members Tricked Into Installing Malware. Whoops
Anonymous. Take down a lot of giants by the ankles. Biting and pinching and fighting unfairly. Even the gnats take one off the chin every once in a while, though. The security wizards at Symantec think the legion may have gotten themselves hacked up during a January DDoS attack.
New Scientist:
Members of Anonymous regularly band together to take down websites owned by those they don’t like, but security firm Symantec reports that a recent attack could actually have backfired, putting amateur hacktavists’ bank accounts at risk.
Anonymous uses tools such as the Low Orbit Ion Cannon or Slowloris to perform distributed denial-of-service (DDoS) attacks against its targets, with sympathetic Anons downloading the software to become part of a voluntary botnet.
In January the group decided to hit the websites of the US Department of Justice and various media companies in response to the takedown of file storage site Megaupload, providing a guide on Pastebin for those who wished to take part in the attacks. Symantec says that an attacker appears to have copied that guide and inserted their own version of the Slowloris software containing a secret Trojan that downloaded a copy of Zeus, a piece of malware often used to take control of an infected computer.
Computers infected with the malware still took part in the Anonymous DDoS attacks, but were also secretly sending online bank account and webmail logins back to the attacker. Anonymous members have tweeted links to to this fake guide nearly 500 times, referring to it as “Tools of the DDos trade” and “Idiot’s Guide to Be Anonymous.”
“Not only will supporters be breaking the law by participating in [D]DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen,” says Symantec. “The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world.”
Hey, yo. With great power comes responsibility. Or some shit.