Anonymous supporters tricked into installing Zeus Trojan

Slowloris Pastebin guide included malicious link

Thousands of Internet users downloading the Slowloris tool to participate in recent DoS attacks in support of the Anonymous protest movement could have infected themselves with the Zeus banking Trojan, Symantec has reported.

The attack appears to have started just after the FBI's 20 January raid on Kim Schmitz's Megaupload file sharing service on piracy charges, which led to a campaign in which outraged users were invited to attack industry and Federal sites using DIY DoS software such as Slowloris.

It now appears that an opportunistic criminal altered one of the download links to the tool inside a Pastebin 'how-to' guide, pointing it to a server hosting a Trojanised version of the tool.

Compounding this, the infected link was unwittingly spread by users through Twitter, with 400 individual tweets including the link, in addition to the 26,000 people viewing the guide on Pastebin.

Any Windows user downloading the software would have been installing Zeus (aka Zbot) on their PC, after which a genuine version of Slowloris would have installed as a concealment tactic.

The Zeus variant detected not only records logins for any web service the user subsequently visits, but in theory will continue to attack targets antagonistic to Anonymous. How successful these attacks might be is anyone's guess - Slowloris is usually seen as a tool to launch attacks from Linux systems.

"Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen," Symantec said.

"The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world."

The fashion for using non-technical DDoS tools to support global Internet causes goes back to late 2010 when Anonymous sympathisers were invited to download the JavaScript Low Orbit Ion Cannon (LOIC) to launch web attacks in support of Wikileaks and its founder, Julian Assange.

Probably the most famous use of the more technically-involved Slowloris was to attack Iranian Government servers at the time of the disputed election of 2009.
