Membership in the Anonymous hacker collective is not without its dangers—and I don’t mean just the 25 Guys in custody. Turns out that someone slipped a Trojan into some popular Anon DDoS software and has been stealing bank info from anyone that runs it.
Slowloris is a popular, easy-to-use, distributed denial-of-service (DDoS) program named in an Anonymous-backed list of attack tools that began circulating after the Feds yanked MegaUpload. Not on the approved list, however, was the Zeus Trojan that someone conveniently implanted in Slowloris around the same time. Zeus is a malicious piece of software designed to siphon banking credentials from infected systems. And with the poisonous version of Slowloris making the rounds in the MegaUpload backlash, countless users may have unwittingly compromised their own bank accounts in their attempts to play "hacktivist."
The exploit was discovered by Symantec. "Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets," Symantec wrote, "but may also be at risk of having their online banking and email credentials stolen."
So congratulations script kiddies, I’m sure the satisfaction of knocking a few websites offline for a couple of hours in that online tantrum was totally worth opening your collective wallets to the Internet. I’m equally sure that whichever slick sumbitch that inserted the Zeus and effortlessly exploited your blind, slavering, eagerness to be part of the crowd shares your high-minded ideals about IP protection policies. [Symantec via MSNBC]