back to article Anonymous web weapon backfires with hidden banking Trojan

Anonymous supporters queuing up to participate in denial-of-service attacks are being tricked into installing ZeuS botnet clients. Hacktivists grabbed what they thought was the Slowloris tool, which is designed to flood websites with open connections and ultimately knock them offline. However, the download included a strain of …

COMMENTS

This topic is closed for new posts.
  1. Winkypop Silver badge
    Trollface

    Still laughing.....

    Oh man that's funny.

  2. Dotter

    Oh, the irony.

  3. AndrueC Silver badge
    Devil

    Is it so very wrong of me to be laughing?

  4. Alister

    Who can they blame?

    it was /Anonymous/ malware pedlars who swiped the template of a guide to launching denial-of-service attacks from Pastebin.

  5. Anonymous Coward
    Happy

    Proving that Anonymous really are ...

    ... just a load of sad wannbes who are nothing more than dumb script kiddie sheep.

  6. JDX Gold badge

    Surely using Windows makes you a laughing stock in the first place in the hacking community.

    1. Sean Timarco Baggaley
      FAIL

      Sorry, no.

      I've been running and maintaining Windows machines (and Macs) for decades now. I've never had a virus, trojan, or any other form of malware on either. It is perfectly possible if you've read the f*cking manual. (Yes, there are plenty of docs for Windows. Just tap F1. Then read.)

      There is nothing any OS designer can do to combat simple ignorance. Not even the various *BSD distributions are immune, let alone GNU/Linux. Even Apple's OS X is based on a heavily customised version of a *BSD core, so that, too, is no better at keeping an idiot away from a trojan—that's why Apple are using the only options they have open to them: a gated* ecosystem.

      You see, the whole point of trojans is that they use social engineering, not flaws in your OS.

      * Apple's ecosystem is a gated community, not a "walled garden". You are perfectly able to leave if you really, really want to, so it's not completely enclosed, but Apple have made it clear that you're on your own if you do decide to unlock that gate.

      A truly "walled garden" system would look suspiciously like the CompuServe or CIX systems of yesteryear, which didn't even support TCP/IP natively until well into the 1990s.

      Compare and contrast Apple's approach with, say, Ubuntu's own app store equivalent. Try installing an application that hasn't been listed on their store and see how easy it is. Both Microsoft and Apple make this process much easier, even if you don't choose to go through their own channels.

      1. JDX Gold badge

        Re: Sorry, no.

        If that was a reply to my post, you entirely missed the point of what I said.

      2. sisk

        Re: Sorry, no.

        First off, the only reason Apple allows you to unlock your iOS devices is because legally they have no choice in the matter. The law of the land is that if you own the hardware you can unlock it and the only thing the manufacturer can do about it is void your warranty and refuse to support you. They campaigned very hard to make it illegal and lost to common sense.

        Second:

        "Compare and contrast Apple's approach with, say, Ubuntu's own app store equivalent. Try installing an application that hasn't been listed on their store and see how easy it is. Both Microsoft and Apple make this process much easier, even if you don't choose to go through their own channels."

        Eh....download the deb file and run dpkg on it....what's difficult about that? Ubuntu probably even has a GUI to do it, but it would take longer to do it that way than it does to hit a hotkey for a terminal and type the command.

        As for Apple and Microsoft making it easier...um, no. Microsoft is about the same as installing a deb from outside the repository. I can't speak for Apple's app store, but in my experience (on an older Mac from before they had the app store) installing Mac software is also about the same as installing a deb from outside the repository. Which all assumes, of course, that you could find any Linux software worth having that's not already in the Ubuntu repository (which is possible but difficult).

        When you factor in the repository Microsoft shouldn't even be in the discussion for ease of use. Saying it's easier to install Windows software than it is to use Ubuntu's repository is ludicrous. Not that Windows software is hard to install by any means, but with the repository installing software from a trusted source a matter of clicking a checkbox and then clicking an install button. As mentioned above, you'd have difficulty finding any software worth having not in the sources that Ubuntu ships with.

        As for Apple, I'd be very suprised if Apple's app store came anywhere near the number of apps available in Ubuntu's repository. I'm sure the Mac app store comes close to Ubuntu's repository in terms of ease of use, but if the iOS app store is any indication it's not quite there. I honestly doubt any app store that has to deal with paid-for apps could ever match the ease of use of the Ubuntu repository. It's hard to beat 'click, click, done'.

        1. Alister
          Joke

          Re: Sorry, no.

          Hey El Reg, you need a new print cartridge, this web page hasn't printed properly...

          1. Wize

            Re: Sorry, no.

            "Hey El Reg, you need a new print cartridge, this web page hasn't printed properly..."

            On my other machine it looks like their print carriage is fine. It over prints the message below it.

        2. Anonymous Coward
          Windows

          @sisk

          "First off, the only reason Apple allows you to unlock your iOS devices is because legally they have no choice in the matter. The law of the land is that if you own the hardware you can unlock it and the only thing the manufacturer can do about it is void your warranty and refuse to support you."

          You should tell that to Microsoft as well. Because a Windows Phone is locked and won't be unlocked unless I apply for a developer subscription with Microsoft ($100,-/year) after which I'll be allowed to - temporarily - unlock my phone, but solely for "testing purposes".

          Now, Microsoft tends to do crazy and dumb stuff IMO, an example of that would be Metro. But I doubt that they would knowingly violate the law, especially on a market where they're hardly noticeable yet.

      3. Anonymous Coward
        Anonymous Coward

        This tossoff belongs in the Guinness Book of Records!

        @Sean Timarco Baggaley > I've been running and maintaining Windows machines (and Macs) for decades now. I've never had a virus, trojan, or any other form of malware on either.

        Unless you have never been connected to the Internet for even a fraction of a second, my carefully considered response is "BULLSHIT!"

        1. Anonymous Coward
          Anonymous Coward

          Re: This tossoff belongs in the Guinness Book of Records!

          "Unless you have never been connected to the Internet for even a fraction of a second, my carefully considered response is "BULLSHIT!""

          Having used Windows and *BSD for decades (from both personal use through to involvement in the development and hosting of hardened financial systems - processing swaps of the order of millions/billions per swap... Yes... running (for the most part) on Windows) I can say that it just as possible for Windows to remain 'nasties' free as it is *BSD - of course vanilla installs are not of much use.

          Most times the problem with Windows is the user.

          As for your attack upon Sean Timarco Baggaley you do yourself no favours. I have worked alongside many with attitudes like yours. Most times they do not last the course.

          Just becuase an OS may be particularly vunerable, that does not mean that it has to experience issues. If you have had issues with Windows I would suggest you follow these 3 simple instructions: finger. point. self.

          Where's the 'Idiot AC' killfile option?

          1. Anonymous Coward
            Anonymous Coward

            Re: This tossoff belongs in the Guinness Book of Records!

            The world's best anti-malware brains have not been able to keep NASA, FBI, CIA, NSA, MI5, NCIS, Google, Yahoo, Amazon, Microsoft, et al (nor even themselves) 'nasties free for decades', but I'm supposed to believe a couple of self-proclaimed experts managed to do just that?

            ROTFLMFAO!

            Bolt the door before he clowns escape!

            1. Anonymous Coward
              Anonymous Coward

              Re: This tossoff belongs in the Guinness Book of Records!

              "...a couple of self-proclaimed experts"

              I don't think either myself or Baggaley proclaimed any degree of expertise. It would however seem that you may be.

              Now, you have your opinion, we obviously have our experience.

              Of course, if you would rather talk on a network scope, then it is highly improbable that malware will not creep in, but that was not the scope of my comment and I do not believe that Baggaley was talking about networks either. If you had read his post properly, you would have noted that.

              If however we are talking about say, a single cluster within a secure, hardened and regularly pen-tested network, then it is demonstrably possible to exist malware free for quite literally years. To state that such a thing is not possible simply serves to demonstrate your arrogance or ineptitude.

              But as I previously posted, if you personally have had issues; finger. point. self.

              1. Anonymous Coward
                Anonymous Coward

                Re: This tossoff belongs in the Guinness Book of Records!

                If "a couple of self-proclaimed experts" offended your delicate sensibilities, let's change it to "a couple of self-evident experienced tossoffs".

                (I'm simply overwhelmed by your aura of infallibility, by the way.)

                1. Anonymous Coward
                  Anonymous Coward

                  Re: This tossoff belongs in the Guinness Book of Records!

                  You present no argument, just the ramblings of an amateur idiot. Justify your position that no Windows server can remain virus free please. Not heresay, but actual proof.

                  Oh, you can't. Fool.

                  <killfiled />

      4. This post has been deleted by its author

  7. Cosmo
    FAIL

    The 99% and the 1%

    I think this proves that 1% of "Anonymous" are the elite coders/hackers who know what they're doing.

    The other 99% are idiotic script kiddies who are thick as pig shit.

    1. Anonymous Coward
      Anonymous Coward

      Re: The 99% and the 1%

      It also shows that there is no honour among thieves.

    2. Anonymous Coward
      Anonymous Coward

      I think you are exaggerating

      Anonymous have never shown any skill in developing their own code and/or hacks. They are 100% idiotic script kiddies who are all thick as pig shit.

      1. sisk

        Re: I think you are exaggerating

        "Anonymous have never shown any skill in developing their own code and/or hacks. They are 100% idiotic script kiddies who are all thick as pig shit."

        Not true. SOMEONE had to write the tools they use, which means someone who's pretty active in Anonymous (I hesitate to say high ranking because of how the organization is (un)structured) knows at least enough about coding to be dangerous.

        1. FrankAlphaXII
          FAIL

          Re: I think you are exaggerating

          "Not true. SOMEONE had to write the tools they use, which means someone who's pretty active in Anonymous (I hesitate to say high ranking because of how the organization is (un)structured) knows at least enough about coding to be dangerous."

          Thats not accurate at all. They haven't coded a single fucking thing that they've used in any major "Operation" yet, they simply take open source or public domain tools from other people and use them. No coding involved at any stage. Calling them Script Kiddies is being more kind than I would be.

  8. Anonymous Coward
    Anonymous Coward

    Proof indeed

    That Anonymous supports are of low intelligence.

  9. Anonymous Coward
    Anonymous Coward

    Security

    "the download included a strain of ZeuS, which promptly installed itself on their Microsoft Windows machines."

    So basically everyone except a Windows user is secure? No change there then!

    1. Matt Bryant Silver badge
      Facepalm

      Re: Security

      Yeah, right. Maybe you should go read here for the trouble fanbois are having at the moment:

      http://www.theregister.co.uk/2012/02/24/flashback_mac_trojan/

      And Linux trojans have been around for years:

      http://www.theregister.co.uk/2001/09/07/linux_trojan_spotted/

      1. Anonymous Coward
        WTF?

        Re: Re: Security

        Is that it? One linux trojan from 11 years ago and something for OS/X? Compared to what , a couple of dozen examples windows per day?

        1. Anonymous Coward
          Anonymous Coward

          @boltar

          Careful now.. Quantity doesn't make quality but most of all; this could also mean that Linux is still not a platform which is interesting enough for kiddies to attack.

          Quite frankly that makes perfect sense since normally you don't attack Linux with trojans and the likes. Instead you aim for local (root) exploits which you can exploit through bugs with (accessible) software running on Linux (sql injections for example). Now, if you look up those numbers you'll realize that Linux is basically just as vulnerable as Windows.

          The main difference is that Windows is being attacked "as a whole" (single entity) whereas Linux can suffer from flaws within /any/ remotely accessible software running on it (from Apache to MySQL to....), added up to the almost constantly available local root exploits.

  10. Usually Right or Wrong
    Black Helicopters

    Just out of interest...

    Does anyone know where this version calls home? Some site affiliated to the FBI, CIA, NSA, or is it the normal call to China. Just interested, it would be a good way to gather a list of Anonymous names (or at least supporter names).

    1. Anonymous Coward
      Anonymous Coward

      Re: Just out of interest...

      I think you'll find the 'normal' here is in fact to call Russia and its old states.

  11. John70
    Mushroom

    Anonymous vs ZeuS

    I wonder if Anonymous will go after the creators of ZeuS

    1. Steven Roper
      Thumb Up

      I hope they will

      Maybe Anonymous will succeed where the police forces of a dozen nations have failed. I hope Anon will dox these malware-pushing bastards and then proceed to make their lives, and hopefully those of their families as well, such an utter living hell that they'll wish the police had got to them instead.

      1. Matt Bryant Silver badge
        Facepalm

        Re: Re: I hope they will

        ".....I hope Anon will dox these malware-pushing bastards...." Of course, let's hope Anon use due legal consideration and real evidence before they do, because it would only make them look all the more stupid (and criminal) if they went after the wrong people (again).

  12. Anonymous Coward
    Anonymous Coward

    Aaa Ha Ha Ha Ha

    Not so elite hacksaws now are we?

  13. Matt Bryant Silver badge
    Happy

    Hold on a sec....

    So, you're only an Anon haxor if the Anon haxors say so...? How do we know this wasn't just Anons taking advantage of other Anons? After all, lay down with wild dogs and you will get fleas.

  14. DragonKin37
    Happy

    Whoops!

    You mess with the bull ure gonna get get the horns....or worms....i kid i kid

  15. amanfromMars 1 Silver badge

    A Few Solid Nuggets

    I think you would discover if ever anyone qualified to answer were asked, that Anonymous OccupyD Space is Top of All Security Priorities Concerns.

    There are more than just kiddies playing there in that novel place. I Kid U Not. IT is Real Live Spookery in the Field.

  16. Anonymous Coward
    Anonymous Coward

    Today's program has been brought to you by...

    The words "hoist" and "petard"

  17. Leona A
    Happy

    [NELSON VOICE]

    HA! HA!

    [/NELSON VOICE]

    Couldn't have happened to nicer folk!

  18. Armando 123
    Coat

    God help me

    but I was reminded of this: http://ars.userfriendly.org/cartoons/?id=20010523

  19. Anonymous Coward
    Anonymous Coward

    While i think that installing any software or even clicking on a link posted by the sabu bit of anonymous (or anyone else claiming to be affiliated to anon) is a stupid thing to do, this is hardly evidence of their incompetence.

    Somebody else jumped on the anonymous hype generated traffic to make some money (or perhaps gather names).

    The same thing happens to hundreds of other programmers all the time.

    1. Anonymous Coward
      Anonymous Coward

      If you identify yourself as "anonymous" (so basically you could be anybody) and still call out for people to support you in your "efforts" then isn't it a /little/ bit predictable that something like this could happen sooner or later ?

      Because how are your "followers" going to know to deal with the real thing? By taking your word for it? On the Internet? Yeah right ;-)

  20. Anonymous Coward
    Anonymous Coward

    Oh noes!

    My caturday pictures!

  21. Anonymous Coward
    Anonymous Coward

    The scum leading the dumb

    Too stupid to know any better this lot.

  22. Sordid Details
    Happy

    Now THAT'S justice

    #thatisall

This topic is closed for new posts.

Other stories you might like