• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Hacker On Hacker Action – Zeus Botmaster Targets Anonymous Supporters

March 5, 2012

Views: 14,341

It somehow reminds me of the oldskool game Spy vs Spy, anyone remember that? Anyhow, that’s off-topic right now.

The news is, some smart malware pimp managed to dupe a whole bunch of Anonymous supporters into installing the Zeus botnet – when they thought they were getting a DDoS tool.

It’s a pretty big base to go after, plus people would generally ignore any malware warnings their Anti-Virus might pop-up when they were running the tool as most DDoS tools and hacking kits are flagged by AV software – smart move if you ask me.

Hackers have duped supporters of the Anonymous group into installing the Zeus botnet, which steals confidential information from PCs, including banking usernames and passwords, security researchers said last week.

According to Symantec, someone modified a link to a popular distributed denial-of-service (DDoS) attack tool to direct users to a Zeus bot Trojan instead.

The replacement of a Zeus client for the “Slowloris” DDoS tool took place on the day after Anonymous launched strikes against websites operated by the U.S. Department of Justice, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and others in retaliation for the arrest of four men associated with the popular Megaupload “cyberlocker” site on charges of copyright infringement, money laundering and racketeering.

In a post last Friday to the Symantec security response team’s blog, the firm described how unknown hackers modified a message on PasteBin, changing the link to a Trojanized version of Slowloris.

Anonymous supporters have, unwittingly or not, pointed others to altered PasteBin message that includes the link to the Zeus bot. The Twitter account “YourAnonNews,” which has almost 550,000 followers, was just one of many that tweeted a link to the altered PasteBin message, said Symantec.

Through mid-February, Symantec had counted over 26,000 views of the PasteBin message and over 400 individual tweets referencing its URL.

There were some pretty big pimps of the malicious link too with the Twitter account @YourAnonNews being one of the major ones (over half a million followers).

With over 400 tweets referencing the URL and over 25,000 views – the person who pulled this off probably masterminded a whole bunch of fresh infections.

And as Zeus targets banking details, he could have gotten a pile of cash out of it too.

While the Trojanized Slowloris does conduct DDoS attacks — at times under the behest of the hackers who control the botnet — it also steals website cookies, login information for financial institutions and other user account credentials from infected PCs, then transmits the information to a command-and-control (C&C) server.

“Not only will supporters be breaking the law by participating in attacks on Anonymous hacktivism targets, but [they] may also be at risk of having their online banking and email credentials stolen,” said Symantec.

The Zeus ploy wasn’t the first time that Anonymous supporters have been tricked.

In January, hard on the heels of the retaliatory attacks against the Department of Justice website, U.K.-based security company Sophos said members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC, or Low Orbit Ion Cannon, another DDoS tool.

Many of those messages said nothing about LOIC or that clicking the link shanghaied the user into the then-ongoing DDoS attack, said Sophos.

Authorities have staged numerous arrests of Anonymous members and supporters on charges that they participated in DDoS attacks against targets in the U.S. and other countries.

Last week, an Interpol-organized sweep netted 25 suspected members of the hacking group in Argentina, Chile, Columbia and Spain.

Anonymous supports are getting arrested all over the World and now they are being targeted by malware pushers. As if we didn’t already know, being a supporter of the Anonymous movement is risky business – so if you do participate – please be careful.

On another note, some of the new versions of LOIC are pretty damn cool – some people are coding the hell out of it. Check this one out on Github (which also got owned recently coincidentally):

Download LOIC Low Orbit Ion Cannon

Source: Network World

Share
Tweet56
Share15
Buffer
WhatsApp
Email
71 Shares

Filed Under: Hacking News Tagged With: anonymous, Social Engineering, zeus, zeus trojan



Reader Interactions

Comments

  1. Bogwitch says

    March 6, 2012 at 9:11 am

    Nice one Darknet! Tell us all about the Zeus in LOIC and then link us to a new version? ;)

    No doubt there will be accusations that it was part of a sting operation, the ‘feds’ put the trojan in there to track the anonymous sheep.
    it is pretty ironic, those using LOIC are motivated my a sense of moral indignation (or at least are only in it for the lulz) and whoever put the Zeus in LOIC is motivated by greed and profit, exactly what those sheep wanted to protest against.

  2. Scott says

    March 6, 2012 at 5:19 pm

    I heard it was that joker guy that did it

  3. Scott Herbert says

    March 6, 2012 at 10:19 pm

    Who could have predicted it? Oh I did! http://scott-herbert.com/blog/2012/02/28/china-and-anti-virus-companies-737 whatever you think about dDOS attacks and Anonymous the fact AV company flag up LOIC as a PUP (potentially unwanted program) is incorrect (if you install LOIC you want LOIC) and leads to people ignoring AV warnings (I’m not saying that happened in this case, just that it increases the odd’s of people ignoring stuff and getting stung, by a really unwanted program.

  4. EViL_Stephenson says

    April 2, 2012 at 9:40 pm

    If Anonymous told people to jump off of a bridge and then came to a consensus that it should be done there would likely be a few dead people in the river.

    Advertising works off the same psychological principals as do cults, religions(same difference), Scientology, etc…

    Yes, Anons are inadvertently just like the Scientology they claim to hate. Promoting it with their publicity and possibly increasing the number of Scientologists on the planet. Thanks a lot, asshats.

    The follower mentality is worldwide. People need to belong. Well, with Anonymous, nobody belongs, but everyone is a Tool. Just like everyone else.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 389

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 455

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 382

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 577

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 552

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 725

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,294,059)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,083)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,621)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,680)
  • Password List Download Best Word List – Most Common Passwords (933,482)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,146)
  • Hack Tools/Exploits (673,293)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,156)

Search

Recent Posts

  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy