We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Anonymous supporters tricked into installing Zeus Trojan

Slowloris Pastebin guide included malicious link

Thousands of Internet users downloading the Slowloris tool to participate in recent DoS attacks in support of the Anonymous protest movement could have infected themselves with the Zeus banking Trojan, Symantec has reported.

The attack appears to have started just after the FBI's 20 January raid on Kim Schmitz's Megaupload file sharing service on piracy charges, which led to a campaign in which outraged users were invited to attack industry and Federal sites using DIY DoS software such as Slowloris.

It now appears that an opportunistic criminal altered one of the download links to the tool inside a PasteBin 'how guide', pointing it to a server hosting a Trojanised version of the tool.

Compounding this, the infected link was unwittingly spread by users through Twitter, with 400 individual tweets including the link to add to the 26,000 people viewing the guide on Pastebin.

Any Windows user downloading the software would have been installing Zeus (aka Zbot) on their PC, after which a genuine version of Slowloris would have installed as a concealment tactic.

The Zeus variant detected not only records logins for any web service the users subsequently visits, but in theory will continue to attack targets antagonistic to Anonymous. How successful these attacks might be is anyone's guess - Slowloris is usually seen as a tool to launch attacks from Linux systems.

"Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen," Symantec said.

"The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world."

The fashion for using non-technical DDoS tools to support global Internet causes goes back to late 2010 when Anonymous sympathisers were invited to download the JavaScript Low Orbit Ion Cannon (LOIC) to launch web attacks in support of Wikileaks and its founder, Julian Assange.

Probably the most famous use of the more technically-involved Slowloris was to attack Iranian Government servers at the time of the disputed election of 2009.

IDG UK Sites

Android M Developer Preview announced at Google I/O: Android M UK release date and new features. Wh?......

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Ben & Holly's Game of Thrones titles spoof is delightfully silly

IDG UK Sites

Mac OS X 10.11 release date rumours: all the new features expected in Yosemite successor