Symantec finds Zeus infected Aonymous DDoS tool
Considering Anonymous’ disparate nature, and no central authority calling the shots, it’s a surprise this group has not turned on each other already. Antivirus firm Symantec reports that associates of the group are finding themselves victims of denial-of-service software that has been infected by a Trojan horse.
In previous attacks, Anonymous hacktivists have shown an affinity for Slowloris, a simple tool for DDoSing websites. The group distributes this software through a how-to guide on Pastebin. On January 20, however, hackers broke into this document and changed the Slowloris download links to a modified version of the software infected with Zeus, a popular Trojan horse.
The infected client still works as expected, however behind the scenes it’s doing much more. Zeus steals passwords as well as other credentials including cookies. The link change occurred around the same time as the raid on Megaupload, Symantec says. Unless Anonymous checked the code behind the document, they would have never known anything changed.