Symantec posted a blog at the weekend detailing how Anonymous supporters were tricked into installing a Zeus Trojan.
According to the report, cybercriminals modified a distributed denial of service tool called Slowloris to include a client for Zeus, well-known malware that steals login details and passwords for banking websites. The blog says that the modified tool was targeted at Anonymous supporters.
Anonymous have earned a reputation for targeting governments and corporations which they deem to be corrupt. They can then expose sensitive details to embarrass or cause problems for the organisations. They have also taken down servers, including in the well-known campaign against Sony last year.
Anonymous can sometimes depend on support from internet users around the world, who aim denial of service attacks at specific websites. They link to DDOS tools for people to download, so they can ‘join’ in the attacks. In May 2011, on the Pastebin clipboard website, Anonymous posted a message for their supporters to download a DDOS tool called Slowloris. This was widely linked to from various sites at the time.
Symantec, however, have discovered that Zeus cybercriminals copied the post word for word and reposted it on Jan 20th. The link in the repost, however, pointed to a Slowloris DDOS tool which had been modified with malicious code. It was posted on the same day that Megaupload was taken down by law enforcement agencies in several countries, which tied in with a genuine campaign by Anonymous.
The modified, malicious version of Slowloris apparently appeared in another version guide which Anonymous posted, and was also linked to via Twitter. Symantec added that if someone downloads this malicious version of the tool, the malware will also try to conceal the infection by downloading the real Slowloris application.
Users who have opened the malicious version may have had their email information, banking details and cookies stolen.
Symantec said “Not only will supporters be breaking the law by participating in DOS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.”
Kitguru says: Taking part in these attacks is risky enough, but it looks like the risks just got even higher.