According to the security firm Symantec, Anonymous members who participated in distributed denial of service attacks (DDoS) to take down websites with a flood of traffic may have accidentally ended up scamming themselves with a trojan that steals banking information and other personal details.
DDoS attacks are what Anonymous has used to take down the CIA, the American Israel Public Affairs Committee and some FTC websites to name a few in 2012 alone. Conducting an attack such as this, which crashes the target server by overloading it with traffic, requires participants to install a program that allows them to repeatedly target a website.
Symantec explains how the DDoS download called Slowloris included a strain of Zeus trojan horse:
When the Trojanized Slowloris tool is downloaded and executed by an Anonymous supporter, a Zeus (also known as Zbot) botnet client is installed. After installation of the Zeus botnet client, the malware dropper attempts to conceal the infection by replacing itself with the real Slowloris DoS tool. Zeus is an advanced malware program that cannot be easily removed. The Zeus client is being actively used to record and send financial banking credentials and webmail credentials to the botnet operator. Additionally, the botnet is being used to force participation in DoS attacks against Web pages known to be targets of Anonymous hacktivism campaigns.
According to Symantec, this infected DDoS download began being used on Jan. 20, the same day the FBI shutdown the file-sharing site Megaupload.com and arrested its founder Kim Dotcom, much to Anonymous' displeasure. In response to shutting down this site, Anonymous hacked the Department of Justice, Recording Industry Association of America and Universal Music Group.
Symantec goes on to say that not only is participation in DDoS attacks on websites against the law, but those in the group involved in the attacks may now know what it's like to have their own information stolen.
Anonymous often uses Twitter to announce planning and completion of attacks. Spreading information via the micro-blogging site of this potential trojan was no different, but the hacking collective seemed to have mixed reviews if it was a legitimate threat to participants' information or not:
With the arrest of a couple dozen Anonymous members in several countries last week and five members of the sect LulzSec being ratted out by their own ringleader this week, it may seem to some as if the hacktivist collective is being weakened in a way. Yesterday, the Blaze reported Anonymous saying that the collective is not just one group but a movement with ideals that will remain strong. Gizmodo also reports that group issued a letter response yesterday as part of its attack on Panda Security, which is said to have helped arrest the 25 members last week. The group addressed LulzSec's former leader Sabu -- or Hector Xavier Monsegur of New York who worked as an informant for the FBI after he was caught -- saying "We understand, but we were your family too. (Remember what you liked to say?)... It's sad and we can't imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to police."