Anonymous Members Hacked During Their Own DDoS Attacks

Illustration for article titled Anonymous Members Hacked During Their Own DDoS Attacks

Membership in the Anonymous hacker collective is not without its dangers—and I don't mean just the 25 Guys in custody. Turns out that someone slipped a Trojan into some popular Anon DDoS software and has been stealing bank info from anyone that runs it.

Advertisement

Slowloris is a popular, easy-to-use, distributed denial-of-service (DDoS) program named in an Anonymous-backed list of attack tools that began circulating after the Feds yanked MegaUpload. Not on the approved list, however, was the Zeus Trojan that someone conveniently implanted in Slowloris around the same time. Zeus is a malicious piece of software designed to siphon banking credentials from infected systems. And with the poisonous version of Slowloris making the rounds in the MegaUpload backlash, countless users may have unwittingly compromised their own bank accounts in their attempts to play "hacktivist."

Advertisement

The exploit was discovered by Symantec. "Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets," Symantec wrote, "but may also be at risk of having their online banking and email credentials stolen."

So congratulations script kiddies, I'm sure the satisfaction of knocking a few websites offline for a couple of hours in that online tantrum was totally worth opening your collective wallets to the Internet. I'm equally sure that whichever slick sumbitch that inserted the Zeus and effortlessly exploited your blind, slavering, eagerness to be part of the crowd shares your high-minded ideals about IP protection policies. [Symantec via MSNBC]

Image: Tatiana Popova / Shutterstock

Share This Story

Get our newsletter

DISCUSSION

sarcasticmexican1-old
sarcasticmexican1

That's the beauty of chase online, even with the correct username and password the system won't let you in unless you type in a code that gets sent to your cell. Are some online banks really that insecure where all a trojan needs is a username and password to get in?