
Symantec and Anonymous fall out over Trojanised hack-tool download



Blog Post from Paul Ducklin, Sophos

This morning I was approached by a local security writer for my thoughts about a recent claim by Symantec.

Apparently, supporters of Anonymous, keen to join DDoS attacks using the infamous Slowloris tool, had instead been tricked by opportunistic cybercrooks into installing malware:

The deception of Anonymous supporters began on January 20, 2012, the day of the FBI Megaupload raid. An attacker took a popular PasteBin guide, used by Anonymous members for downloading and using the DoS tool Slowloris, and modified it. In this modified version, the attacker changed the download link to a Trojanized version of the Slowloris tool with matching text...

But Symantec's account was promptly and anonymously (who would have thought?) denied as wrong and libellous:

(I wonder if the claimants in this Tweet will ever out themselves in a civil court in the State of California to make their case against Symantec? That would be one to watch!)

There's a world of warning in this saga, whichever way you look at it.

If you react to an advert from an unknown user on a social network by downloading an unknown program from an unverifiable link uploaded to an untrusted website by an unknown person...

...what do you really expect to happen?

The answer, of course, is, "Anything and everything!"

And if your intention was, in any case, to download and deploy Slowloris, look in the mirror and ask yourself some questions.

Do you really want to associate yourself with software which openly proclaims itself to be a low bandwidth, yet greedy and poisonous HTTP client?

Do you really consider yourself an activist by fetching and using such software?

Or are you just turning yourself into yet another internet vandal hiding behind a smokescreen of anonymity to serve the uncertain purposes of persons unknown?

As our colleague Graham recently wrote, on the twentieth anniversary of the Michelangelo virus:

One wonders what fun can be really had from a virus which marks such a key milestone in malware history as Michelangelo, if you can't ever tell anyone that it was you who created it.

Want to be an internet activist?

Learn to build, not to break. To challenge, not to vandalise. To evangelise, not to alienate.

And think before you click.

This was a public safety announcement. Thanks for listening.