Slowloris Pastebin guide included malicious link

Thousands of Internet users downloading the Slowloris tool to participate in recent DoS attacks in support of the Anonymous protest movement could have infected themselves with the Zeus banking Trojan, Symantec has reported.

The attack appears to have started just after the FBI’s 20 January raid on Kim Schmitz’s Megaupload file sharing service on piracy charges, which led to a campaign in which outraged users were invited to attack industry and Federal sites using DIY DoS software such as Slowloris.

It now appears that an opportunistic criminal altered one of the download links to the tool inside a Pastebin ‘how-to guide’, pointing it to a server hosting a Trojanised version of the tool.

Compounding this, the infected link was unwittingly spread by users through Twitter, with 400 individual tweets including the link, in addition to the 26,000 people viewing the guide on Pastebin. Any Windows user downloading the software would have been installing Zeus (aka Zbot) on their PC, after which a genuine version of Slowloris would have installed as a concealment tactic.

The Zeus variant detected not only records logins for any web service the user subsequently visits, but in theory will continue to attack targets antagonistic to Anonymous. How successful these attacks might be is anyone’s guess – Slowloris is usually seen as a tool to launch attacks from Linux systems.
“Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen,” Symantec said.

“The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world.”

The fashion for using non-technical DDoS tools to support global Internet causes goes back to late 2010 when Anonymous sympathisers were invited to download the JavaScript Low Orbit Ion Cannon (LOIC) to launch web attacks in support of Wikileaks and its founder, Julian Assange.

Probably the most famous use of the more technically-involved Slowloris was to attack Iranian Government servers at the time of the disputed election of 2009.