Malware Infiltrating Anonymous Not So Different from Any Other Trojan Trickery


On Wednesday, an operating system built on a flavor of Linux was released by an apparent cell of Anonymous, loaded with anonymity tools, hacking suites, and privacy software. It also potentially came with a side of Trojans and malware, which brought Gizmodo’s Sam Biddle to ask, “Is Anonymous Spinning out of Control?” The presence of malware in widely spread software, even from the vasty deeps of Anonymous, doesn’t seem to suggest control or a lack of it, especially because “Anonymous” itself is entirely a label convention.

Trojans and malware being released under the banner of Anonymous is not unusual.

In early March, Symantec discovered that malicious hackers had taken advantage of the backlash by Anonymous against Megaupload by releasing a version of the distributed denial-of-service (DDoS) tool Slowloris modified with a version of the Zeus botnet. As a result, numerous would-be DoSers found themselves infected with the botnet.

The problem we’re seeing is that Anonymous has a socially open circulatory system and nervous system and lacks a fully matured immune system to go along with them. Malware and evil scripts have already come and gone through the Anonymous community in the past, and usually they’re stomped down by constant reminders that any scripts people download need to come from trusted sources. Due to the mechanism by which reputation is spread through Anonymous, it’s possible to get moralistic grunts to download malware because they want to be part of a broad motion.

Of course, when malware does become part of an op, those attempting to run the op will often quickly communicate this fact in order to head off the infection and get those who downloaded it to delete it and clean themselves up. However, many people may remain infected because a good deal of those who downloaded the software are either casual about their involvement or aware of the illegality of their activity.

This is all part of an expected social-version Red Queen’s race between malicious parasite groups (malware producers) and their potential victims.

Malware and Trojans already spread with equal ease through more “official” channels such as mobile apps, Facebook, Twitter, etc. Malware and Trojan authors constantly use social engineering to trick victims into running their software, relying on brand names or on programs that look like they do something else. The result is the same: someone runs an app from what they think is a trusted source and the infection spreads.

Commenting on the leaderless, disorganized structure of Anonymous (even mentioning the appearance of a hacker elite, ad hoc aristocracy, and ad hoc group mechanics, or that anyone can claim to be Anonymous) doesn’t divorce it from the social venue that Trojans use to spread. Anonymous is ultimately a bunch of people running computers (without much difference from people who use Facebook), and they can fall for the same scams and social tricks that the everyday computer user can.

Even as the FBI attempts to infiltrate various hacker groups and Anonymous hacktivist cells by tethering turncoats like Xavier Monsegur (Sabu of LulzSec), they cannot hit the entire group, since there are separate elites running their own ad hoc groups (if they’re lucky) and different hacker groups out there, much as the entire community of Facebook or Twitter may have thought-leaders spreading media and pulling people into their social gravity wells.

Like any tentatively related social group, even Anonymous doesn’t totally agree with itself (as it has no self outside the label convention) that “We are Legion,” and the recent documentary to that effect shows a diverse set of people. Looking at Android Trojans, Facebook malware, and website linkjacking, malware can target any group irrespective of any special interest just by offering bait that the group is interested in.