
Anonymous Members Hit By Zeus Botnet Scam

Members of the hacktivist collective Anonymous have themselves been targeted by attackers, who tricked them into installing Zeus botnet code on their systems, according to Symantec.

In a report last week Symantec described how attackers directed Anonymous members toward code that had been Trojanised with Zeus client software. Users who believed they were voluntarily joining an Anonymous botnet in order to support the group’s denial-of-service attacks also joined the Zeus botnet.

Zeus botnet

“Anonymous supporters have been deceived into installing Zeus botnet clients purportedly for the purpose of DoS attacks,” Symantec stated. “The Zeus client does perform DoS attacks, but it doesn’t stop there. It also steals the users’ online banking credentials, webmail credentials, and cookies.”

Ironically, the incident meant that Anonymous’ supporters were themselves exposed to danger, the report found.

“Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen,” Symantec said in the report. “The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world.”

The attack began on 20 January, when a guide posted on PasteBin for the use of Anonymous members was modified to include a link to the Trojanised code.

Users who thought they were downloading Slowloris, a denial-of-service attack tool, received a version of the tool with a Zeus client concealed within.

Link spreads

A second Anonymous guide on PasteBin was also modified to include a link to the Trojanised code, Symantec said.

The security company found that since January the Trojanised link has spread quickly through the Anonymous community, with more than 26,000 views of the PasteBin page and 400 tweets referring to the post.

However, Anonymous members themselves have responded that in some cases those tweets were warning of the compromised link rather than recommending it.

“Dear @Symantec – @YourAnonNews NEVER posted the DDOS hijacker nor did we attempt to trick people; instead we WARNED of it,” a user on the Twitter feed YourAnonNews wrote following the Symantec report.

“This post from @Symantec about @YourAnonNews’s spreading the DDOS hijacking trojan is wrong & libelous to say the least,” another user wrote on the same Twitter feed.

Arrests

Last month, law enforcement officers working in Spain, Argentina, Chile and Colombia arrested 25 individuals believed to be connected with Anonymous. The international ‘Operation Unmask’ was launched by Interpol in February following attacks on Chile’s Endesa electricity company, its National Library, and Colombia’s Ministry of Defence and presidential sites, among others.

Earlier in February a number of Greek government websites were taken down by the collective in solidarity with the Greek protesters who oppose the government’s austerity measures. Among the sites to be attacked were those of the Greek prime minister, the national police and the Ministry of Finance.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.

View Comments

  • So it is alright for a major security company to distribute malware. Is that not against the law? I look forward to Symantec being taken to court - surely they will! Seems the rumours that security companies are the biggest distributors of malware seem to have some truth - despite my previous disbelief at those rumours.
