Top 5 Stories


Anonymous challenges Symantec claim about trojanized DDoS tool

06 March 2012

Anonymous is challenging a claim made by security firm Symantec that hacktivists who used a modified Slowloris distributed denial of service (DDoS) tool to bombard the FBI downloaded a data-stealing trojan instead.

In a blog last week, Symantec said that some Anonymous supporters who downloaded a modified Slowloris DDoS tool to attack the FBI and other organizations following the agency’s raid on Megaupload also downloaded a Zeus trojan that steals banking and webmail credentials.

“When the Trojanized Slowloris tool is downloaded and executed by an Anonymous supporter, a Zeus (also known as Zbot) botnet client is installed. After installation of the Zeus botnet client, the malware dropper attempts to conceal the infection by replacing itself with the real Slowloris DoS tool”, Symantec explained.

“The Zeus client is being actively used to record and send financial banking credentials and webmail credentials to the botnet operator. Additionally, the botnet is being used to force participation in DoS attacks against Web pages known to be targets of Anonymous hacktivism campaigns”, the security company added.

“Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen. The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world”, the blog concluded.

However, an Anonymous tweet challenged the Symantec analysis, charging that the claim was “wrong and libelous.” The tweet did not provide any information refuting the Symantec analysis.

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×