High-Profile Hackers Hit By Malware

Members of the hacking group Anonymous have apparently been duped into installing malware on their own machines. The malicious software was disguised as an update to one of the main tools used by the group.

Anonymous has little or no formal structure; it's often described as an idea rather than an organization. Members generally take action as a form of protest rather than in pursuit of financial gain, portraying most of their victims as opponents of Internet freedoms.

The most common tactic used by Anonymous is the distributed denial of service attack.

This involves using a network of computers to repeatedly make so many bogus requests to the target website that it can no longer cope with the demand and thus becomes unavailable for access by legitimate users.

For sites that carry out online business, the temporary shutdown can be costly.

Supporters Intentionally Install Attack Tools

For most of these attacks, the computers used to make the bogus requests are part of a botnet: a network of computers that have been compromised by malicious software and can be remotely controlled by the offenders.

Anonymous works differently however: it uses the computers of supporters who have voluntarily chosen to take part in the attack and have installed special software tools to do so.

As Anonymous doesn't have a central website, it uses services open to anyone when distributing these tools.

For a recent campaign, it used a site named PasteBin to publish a link to the filesharing site Mediafire, where supporters could download a tool with the filename slowiris.exe. (Source: symantec.com)

Bogus Link Infects Supporters

Unfortunately for Anonymous supporters, somebody made an identical post on PasteBin that differed only in that it linked to a different filesharing site, Multiupload.

Anyone who followed this bogus link would get what appeared to be the same slowiris.exe file, but this one had been modified to collect personal data, such as online banking information, from the user's machine.

To make things worse for Anonymous, the bogus link soon began spreading through social media postings, with one Twitter account promoting it to more than half a million followers. (Source: computerworld.com)

Exactly who is responsible for the subterfuge has not yet been discovered.

Many suspect criminals attempting to capitalize on the support for Anonymous by stealing log-in details, while others suggest it may have been an attempt by officials to deter Anonymous supporters from taking part in future attacks.