Anonymous web weapon backfires with hidden banking Trojan

Anonymous supporters queuing up to participate in denial-of-service attacks are being tricked into installing ZeuS botnet clients. Hacktivists grabbed what they thought was the Slowloris tool, which is designed to flood websites with open connections and ultimately knock them offline. However, the download included a strain of …

COMMENTS

This topic is closed for new posts.
Silver badge
Trollface

Still laughing.....

Oh man that's funny.

40
0

Oh, the irony.

12
0
Silver badge
Devil

Is it so very wrong of me to be laughing?

8
0
Bronze badge

Who can they blame?

It was /Anonymous/ malware pedlars who swiped the template of a guide to launching denial-of-service attacks from Pastebin.

0
0
Silver badge
Happy

Proving that Anonymous really are ...

... just a load of sad wannabes who are nothing more than dumb script kiddie sheep.

13
1
JDX
Gold badge

Surely using Windows makes you a laughing stock in the first place in the hacking community.

7
7
FAIL

Sorry, no.

I've been running and maintaining Windows machines (and Macs) for decades now. I've never had a virus, trojan, or any other form of malware on either. It is perfectly possible if you've read the f*cking manual. (Yes, there are plenty of docs for Windows. Just tap F1. Then read.)

There is nothing any OS designer can do to combat simple ignorance. Not even the various *BSD distributions are immune, let alone GNU/Linux. Even Apple's OS X is based on a heavily customised version of a *BSD core, so that, too, is no better at keeping an idiot away from a trojan—that's why Apple are using the only options they have open to them: a gated* ecosystem.

You see, the whole point of trojans is that they use social engineering, not flaws in your OS.

* Apple's ecosystem is a gated community, not a "walled garden". You are perfectly able to leave if you really, really want to, so it's not completely enclosed, but Apple have made it clear that you're on your own if you do decide to unlock that gate.

A truly "walled garden" system would look suspiciously like the CompuServe or CIX systems of yesteryear, which didn't even support TCP/IP natively until well into the 1990s.

Compare and contrast Apple's approach with, say, Ubuntu's own app store equivalent. Try installing an application that hasn't been listed on their store and see how easy it is. Both Microsoft and Apple make this process much easier, even if you don't choose to go through their own channels.

7
2
JDX
Gold badge

Re: Sorry, no.

If that was a reply to my post, you entirely missed the point of what I said.

3
0
Silver badge

Re: Sorry, no.

First off, the only reason Apple allows you to unlock your iOS devices is because legally they have no choice in the matter. The law of the land is that if you own the hardware you can unlock it and the only thing the manufacturer can do about it is void your warranty and refuse to support you. They campaigned very hard to make it illegal and lost to common sense.

Second:

"Compare and contrast Apple's approach with, say, Ubuntu's own app store equivalent. Try installing an application that hasn't been listed on their store and see how easy it is. Both Microsoft and Apple make this process much easier, even if you don't choose to go through their own channels."

Eh....download the deb file and run dpkg on it....what's difficult about that? Ubuntu probably even has a GUI to do it, but it would take longer to do it that way than it does to hit a hotkey for a terminal and type the command.

As for Apple and Microsoft making it easier...um, no. Microsoft is about the same as installing a deb from outside the repository. I can't speak for Apple's app store, but in my experience (on an older Mac from before they had the app store) installing Mac software is also about the same as installing a deb from outside the repository. Which all assumes, of course, that you could find any Linux software worth having that's not already in the Ubuntu repository (which is possible but difficult).

When you factor in the repository Microsoft shouldn't even be in the discussion for ease of use. Saying it's easier to install Windows software than it is to use Ubuntu's repository is ludicrous. Not that Windows software is hard to install by any means, but with the repository installing software from a trusted source is a matter of clicking a checkbox and then clicking an install button. As mentioned above, you'd have difficulty finding any software worth having not in the sources that Ubuntu ships with.

As for Apple, I'd be very surprised if Apple's app store came anywhere near the number of apps available in Ubuntu's repository. I'm sure the Mac app store comes close to Ubuntu's repository in terms of ease of use, but if the iOS app store is any indication it's not quite there. I honestly doubt any app store that has to deal with paid-for apps could ever match the ease of use of the Ubuntu repository. It's hard to beat 'click, click, done'.

0
2
Bronze badge
Joke

Re: Sorry, no.

Hey El Reg, you need a new print cartridge, this web page hasn't printed properly...

8
0
Anonymous Coward

This tossoff belongs in the Guinness Book of Records!

@Sean Timarco Baggaley > I've been running and maintaining Windows machines (and Macs) for decades now. I've never had a virus, trojan, or any other form of malware on either.

Unless you have never been connected to the Internet for even a fraction of a second, my carefully considered response is "BULLSHIT!"

0
7
Silver badge

Re: Sorry, no.

"Hey El Reg, you need a new print cartridge, this web page hasn't printed properly..."

On my other machine it looks like their print carriage is fine. It over prints the message below it.

0
1
Anonymous Coward

Re: This tossoff belongs in the Guinness Book of Records!

"Unless you have never been connected to the Internet for even a fraction of a second, my carefully considered response is "BULLSHIT!""

Having used Windows and *BSD for decades (from both personal use through to involvement in the development and hosting of hardened financial systems - processing swaps of the order of millions/billions per swap... Yes... running (for the most part) on Windows) I can say that it is just as possible for Windows to remain 'nasties' free as it is *BSD - of course vanilla installs are not of much use.

Most times the problem with Windows is the user.

As for your attack upon Sean Timarco Baggaley you do yourself no favours. I have worked alongside many with attitudes like yours. Most times they do not last the course.

Just because an OS may be particularly vulnerable, that does not mean that it has to experience issues. If you have had issues with Windows I would suggest you follow these 3 simple instructions: finger. point. self.

Where's the 'Idiot AC' killfile option?

3
1
Anonymous Coward

Re: This tossoff belongs in the Guinness Book of Records!

The world's best anti-malware brains have not been able to keep NASA, FBI, CIA, NSA, MI5, NCIS, Google, Yahoo, Amazon, Microsoft, et al (nor even themselves) 'nasties free for decades', but I'm supposed to believe a couple of self-proclaimed experts managed to do just that?

ROTFLMFAO!

Bolt the door before the clowns escape!

0
1

This post has been deleted by its author

Silver badge
Windows

@sisk

"First off, the only reason Apple allows you to unlock your iOS devices is because legally they have no choice in the matter. The law of the land is that if you own the hardware you can unlock it and the only thing the manufacturer can do about it is void your warranty and refuse to support you."

You should tell that to Microsoft as well. Because a Windows Phone is locked and won't be unlocked unless I apply for a developer subscription with Microsoft ($100,-/year) after which I'll be allowed to - temporarily - unlock my phone, but solely for "testing purposes".

Now, Microsoft tends to do crazy and dumb stuff IMO, an example of that would be Metro. But I doubt that they would knowingly violate the law, especially on a market where they're hardly noticeable yet.

0
0
Anonymous Coward

Re: This tossoff belongs in the Guinness Book of Records!

"...a couple of self-proclaimed experts"

I don't think either myself or Baggaley proclaimed any degree of expertise. It would however seem that you may be.

Now, you have your opinion, we obviously have our experience.

Of course, if you would rather talk on a network scope, then it is highly improbable that malware will not creep in, but that was not the scope of my comment and I do not believe that Baggaley was talking about networks either. If you had read his post properly, you would have noted that.

If however we are talking about say, a single cluster within a secure, hardened and regularly pen-tested network, then it is demonstrably possible to exist malware free for quite literally years. To state that such a thing is not possible simply serves to demonstrate your arrogance or ineptitude.

But as I previously posted, if you personally have had issues; finger. point. self.

0
1
Anonymous Coward

Re: This tossoff belongs in the Guinness Book of Records!

If "a couple of self-proclaimed experts" offended your delicate sensibilities, let's change it to "a couple of self-evident experienced tossoffs".

(I'm simply overwhelmed by your aura of infallibility, by the way.)

0
0
Anonymous Coward

Re: This tossoff belongs in the Guinness Book of Records!

You present no argument, just the ramblings of an amateur idiot. Justify your position that no Windows server can remain virus free please. Not hearsay, but actual proof.

Oh, you can't. Fool.

<killfiled />

0
1
FAIL

The 99% and the 1%

I think this proves that 1% of "Anonymous" are the elite coders/hackers who know what they're doing.

The other 99% are idiotic script kiddies who are thick as pig shit.

10
0
Anonymous Coward

Re: The 99% and the 1%

It also shows that there is no honour among thieves.

1
0
Anonymous Coward

I think you are exaggerating

Anonymous have never shown any skill in developing their own code and/or hacks. They are 100% idiotic script kiddies who are all thick as pig shit.

5
2
Silver badge

Re: I think you are exaggerating

"Anonymous have never shown any skill in developing their own code and/or hacks. They are 100% idiotic script kiddies who are all thick as pig shit."

Not true. SOMEONE had to write the tools they use, which means someone who's pretty active in Anonymous (I hesitate to say high ranking because of how the organization is (un)structured) knows at least enough about coding to be dangerous.

1
1
Bronze badge
FAIL

Re: I think you are exaggerating

"Not true. SOMEONE had to write the tools they use, which means someone who's pretty active in Anonymous (I hesitate to say high ranking because of how the organization is (un)structured) knows at least enough about coding to be dangerous."

That's not accurate at all. They haven't coded a single fucking thing that they've used in any major "Operation" yet, they simply take open source or public domain tools from other people and use them. No coding involved at any stage. Calling them Script Kiddies is being more kind than I would be.

1
0
Silver badge

Proof indeed

That Anonymous supporters are of low intelligence.

2
1
Anonymous Coward

Security

"the download included a strain of ZeuS, which promptly installed itself on their Microsoft Windows machines."

So basically everyone except a Windows user is secure? No change there then!

1
4
Silver badge
Facepalm

Re: Security

Yeah, right. Maybe you should go read here for the trouble fanbois are having at the moment:

http://www.theregister.co.uk/2012/02/24/flashback_mac_trojan/

And Linux trojans have been around for years:

http://www.theregister.co.uk/2001/09/07/linux_trojan_spotted/

2
5
Silver badge
WTF?

Re: Re: Security

Is that it? One Linux trojan from 11 years ago and something for OS/X? Compared to what, a couple of dozen examples windows per day?

3
3
Silver badge

@boltar

Careful now.. Quantity doesn't make quality but most of all; this could also mean that Linux is still not a platform which is interesting enough for kiddies to attack.

Quite frankly that makes perfect sense since normally you don't attack Linux with trojans and the likes. Instead you aim for local (root) exploits which you can exploit through bugs with (accessible) software running on Linux (sql injections for example). Now, if you look up those numbers you'll realize that Linux is basically just as vulnerable as Windows.

The main difference is that Windows is being attacked "as a whole" (single entity) whereas Linux can suffer from flaws within /any/ remotely accessible software running on it (from Apache to MySQL to....), added up to the almost constantly available local root exploits.

0
0
Black Helicopters

Just out of interest...

Does anyone know where this version calls home? Some site affiliated to the FBI, CIA, NSA, or is it the normal call to China. Just interested, it would be a good way to gather a list of Anonymous names (or at least supporter names).

4
1

Re: Just out of interest...

I think you'll find the 'normal' here is in fact to call Russia and its old states.

0
0
Mushroom

Anonymous vs ZeuS

I wonder if Anonymous will go after the creators of ZeuS

1
1
Silver badge
Thumb Up

I hope they will

Maybe Anonymous will succeed where the police forces of a dozen nations have failed. I hope Anon will dox these malware-pushing bastards and then proceed to make their lives, and hopefully those of their families as well, such an utter living hell that they'll wish the police had got to them instead.

1
0
Silver badge
Facepalm

Re: Re: I hope they will

".....I hope Anon will dox these malware-pushing bastards...." Of course, let's hope Anon use due legal consideration and real evidence before they do, because it would only make them look all the more stupid (and criminal) if they went after the wrong people (again).

1
1
Anonymous Coward

Aaa Ha Ha Ha Ha

Not so elite hacksaws now are we?

1
0
Silver badge
Happy

Hold on a sec....

So, you're only an Anon haxor if the Anon haxors say so...? How do we know this wasn't just Anons taking advantage of other Anons? After all, lay down with wild dogs and you will get fleas.

2
1
Happy

Whoops!

You mess with the bull you're gonna get the horns....or worms....I kid I kid

0
0
Silver badge

A Few Solid Nuggets

I think you would discover if ever anyone qualified to answer were asked, that Anonymous OccupyD Space is Top of All Security Priorities Concerns.

There are more than just kiddies playing there in that novel place. I Kid U Not. IT is Real Live Spookery in the Field.

0
1
Anonymous Coward

Today's program has been brought to you by...

The words "hoist" and "petard"

3
0
Happy

[NELSON VOICE]

HA! HA!

[/NELSON VOICE]

Couldn't have happened to nicer folk!

0
0
Coat

God help me

but I was reminded of this: http://ars.userfriendly.org/cartoons/?id=20010523

1
0
Anonymous Coward

While I think that installing any software or even clicking on a link posted by the sabu bit of anonymous (or anyone else claiming to be affiliated to anon) is a stupid thing to do, this is hardly evidence of their incompetence.

Somebody else jumped on the anonymous hype generated traffic to make some money (or perhaps gather names).

The same thing happens to hundreds of other programmers all the time.

0
1
Silver badge

If you identify yourself as "anonymous" (so basically you could be anybody) and still call out for people to support you in your "efforts" then isn't it a /little/ bit predictable that something like this could happen sooner or later?

Because how are your "followers" going to know to deal with the real thing? By taking your word for it? On the Internet? Yeah right ;-)

0
0
Anonymous Coward

Oh noes!

My caturday pictures!

0
0
Anonymous Coward

The scum leading the dumb

Too stupid to know any better this lot.

0
0
Happy

Now THAT'S justice

#thatisall

0
0