Symantec and Anonymous fall out over Trojanised hack-tool download


This morning I was approached by a local security writer for my thoughts about a recent claim by Symantec.

Apparently, supporters of Anonymous, keen to join DDoS attacks using the infamous Slowloris tool, had instead been tricked by opportunistic cybercrooks into installing malware:

The deception of Anonymous supporters began on January 20, 2012, the day of the FBI Megaupload raid. An attacker took a popular PasteBin guide, used by Anonymous members for downloading and using the DoS tool Slowloris, and modified it. In this modified version, the attacker changed the download link to a Trojanized version of the Slowloris tool with matching text...

But Symantec's account was promptly and anonymously (who would have thought?) denied as wrong and libellous:

(I wonder if the claimants in this Tweet will ever out themselves in a civil court in the State of California to make their case against Symantec? That would be one to watch!)

There's a world of warning in this saga, whichever way you look at it.

If you react to an advert from an unknown user on a social network by downloading an unknown program from an unverifiable link uploaded to an untrusted website by an unknown person...

...what do you really expect to happen?

The answer, of course, is, "Anything and everything!"

And if your intention was, in any case, to download and deploy Slowloris, look in the mirror and ask yourself some questions.

Do you really want to associate yourself with software which openly proclaims itself to be a low bandwidth, yet greedy and poisonous HTTP client?

Do you really consider yourself an activist by fetching and using such software?

Or are you just turning yourself into yet another internet vandal hiding behind a smokescreen of anonymity to serve the uncertain purposes of persons unknown?

As our colleague Graham recently wrote, on the twentieth anniversary of the Michelangelo virus:

One wonders what fun can be really had from a virus which marks such a key milestone in malware history as Michelangelo, if you can't ever tell anyone that it was you who created it.

Want to be an internet activist?

Learn to build, not to break. To challenge, not to vandalise. To evangelise, not to alienate.

And think before you click.

This was a public safety announcement. Thanks for listening.


Featured image of Slow Loris courtesy of Wikipedia. (Published in the US before 1923 and public domain in the US.)


4 Responses to Symantec and Anonymous fall out over Trojanised hack-tool download

  1. Radau · 1275 days ago

    Very nice article, love how you hit on the point of building not breaking. So many children nowadays are so gullible and able to be coerced into doing something destructive simply because they are told it will help.

  2. Machin Shin · 1274 days ago

    "Learn to build, not to break. To challenge, not to vandalise. To evangelise, not to alienate."

    If only our governments could take this to heart then I have a feeling groups such as Anonymous would quietly just fade into the background.

  3. The_J · 1274 days ago

    ...I don't see that you say that Sophos also detected malware in the mentioned downloads...

    So there's no way to know if this is not maybe really a hidden anti hacking campaign and that there was in fact no infected download.

    (...that doesn't mean that I don't think that this is a good's very good imho).

  4. guest · 1274 days ago

    One account reported that the malware was gathering personal information from the infected machines, including bank account info, email accounts and contact lists, etc. Yet no one seems to have publicly suggested that this might have been done by someone connected to the security industry or law enforcement to gather information on the Anonymous community.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog