Did Anonymous trick users, or is this the work of an independent profit-driven hacker?

Mar 2, 2012 12:42 GMT

Most Anonymous supporters and individuals who have been following the events that took place after the closure of Megaupload are familiar with the distributed denial of service (DDOS) tools known as Low Orbit Ion Cannon (LOIC) and Slowloris. Symantec researchers found that the latter has been fitted with the malicious Zeus Trojan.

When Anonymous hacktivists called on their supporters to help launch DDOS attacks against sites such as those of the FBI, the Department of Justice, and the White House, they made available a Pastebin post that contained detailed instructions on how to participate in the attacks, as well as a download link to one of the DDOS tools mentioned above.

Experts from the world-renowned security solutions provider determined that on January 20, 2012, the original Pastebin post, published on May 1, 2011, was altered: the link to the Slowloris tool was replaced with one that pointed to the Zeus-infected version.

From that point on, all the links advertised by the hacktivists pointed to the malicious variant of the software. This means that all the users who downloaded Slowloris after January 20 may have also unleashed the Trojan, which is known for stealing passwords, cookies, and any other sensitive information it finds, including online banking credentials.

Security researchers warn that Zeus cannot be easily removed, and that the botnet client also allows its controllers to launch DOS attacks against a specific target without the users’ knowledge.

There are two possible versions of this story. The first is that Anonymous hackers fitted the Slowloris tool with Zeus to ensure that they could gain access to their supporters' computers later on and maybe even steal some of their passwords.

The second is that someone unrelated to Anonymous altered the tool and started advertising it, hoping that in the heat of the moment no one would bother to check it.

Whichever the case may be, Internet users who downloaded the DDOS application after January 20 are advised to use reliable security software to check for the presence of the infamous Trojan.