Hacker on hacker: Zeus bot master dupes Anonymous backers into installing password stealer
Someone switched Anonymous-recommended DDoS attack tool for malware that filches banking credentials, email passwords
Computerworld - Hackers have duped supporters of the Anonymous group into installing the Zeus botnet, which steals confidential information from PCs, including banking usernames and passwords, security researchers said last week.
According to Symantec, someone modified a link to a popular distributed denial-of-service (DDoS) attack tool to direct users to a Zeus bot Trojan instead.
The replacement of a Zeus client for the "Slowloris" DDoS tool took place on the day after Anonymous launched strikes against websites operated by the U.S. Department of Justice, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and others in retaliation for the arrest of four men associated with the popular Megaupload "cyberlocker" site on charges of copyright infringement, money laundering and racketeering.
In a post last Friday to the Symantec security response team's blog, the firm described how unknown hackers modified a message on PasteBin, changing the link to a Trojanized version of Slowloris.
Anonymous supporters have, unwittingly or not, pointed others to altered PasteBin message that includes the link to the Zeus bot. The Twitter account "YourAnonNews," which has almost 550,000 followers, was just one of many that tweeted a link to the altered PasteBin message, said Symantec.
Through mid-February, Symantec had counted over 26,000 views of the PasteBin message and over 400 individual tweets referencing its URL.
While the Trojanized Slowloris does conduct DDoS attacks -- at times under the behest of the hackers who control the botnet -- it also steals website cookies, login information for financial institutions and other user account credentials from infected PCs, then transmits the information to a command-and-control (C&C) server.
"Not only will supporters be breaking the law by participating in attacks on Anonymous hacktivism targets, but [they] may also be at risk of having their online banking and email credentials stolen," said Symantec.
The Zeus ploy wasn't the first time that Anonymous supporters have been tricked.
In January, hard on the heels of the retaliatory attacks against the Department of Justice website, U.K.-based security company Sophos said members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC, or Low Orbit Ion Cannon, another DDoS tool.
Many of those messages said nothing about LOIC or that clicking the link shanghaied the user into the then-ongoing DDoS attack, said Sophos.
Authorities have staged numerous arrests of Anonymous members and supporters on charges that they participated in DDoS attacks against targets in the U.S. and other countries.
Last week, an Interpol-organized sweep netted 25 suspected members of the hacking group in Argentina, Chile, Columbia and Spain.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- Nine charged with distributing Zeus malware
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts