Anonymous members hoist by own petard

Posted by Emma Woollacott

Anonymous members hoping to take part in denial of service attacks have unwittingly been downloading a version of the Zeus trojan, putting their financial details at risk.

According to Symantec, which uncovered the hack, the fun began on January 20 this year - the day file-sharing site Megaupload was shut down. Anonymous mmembers immediately took to their computers to hit the Department of Justice and the FBI in retaliation.

But, for many, things didn't go as planned. It seems that a different group of hackers had copied the template of an Anonymous blueprint for launching DDoS attacks, which included the Slowloris tool.

They then modified the template to include a link to a version of Slowloris that was infected with a strain of Zeus and reposted it on Pastebin.

"When the Trojanized Slowloris tool is downloaded and executed by an Anonymous supporter, a Zeus (also known as Zbot) botnet client is installed. After installation of the Zeus botnet client, the malware dropper attempts to conceal the infection by replacing itself with the real Slowloris DoS tool," says Symantec on the company blog.

"The Zeus client is being actively used to record and send financial banking credentials and webmail credentials to the botnet operator."

The Anonymous Twitter account appears to confirm that the Symantec report is accurate.

"#Anonymous supporters tricked into installing Zeus trojan | This MUSTN'T happen. Be careful what you post & click on!," it warns.

It's not known how many members may have been infected.