UPDATED 07:44 EST / MARCH 05 2012

Anonymous vs. Zeus: an Attack on Hackers

When you hear the word “Anonymous,” what comes to your mind?  The movie about the “real story” behind William Shakespeare?  A group of hackers?  Or do you think of them as hacktivists?  People have different perceptions about Anonymous the group, but would you ever think of Anonymous as a victim?

In a recent post from Symantec, the security specialist stated that some Anonymous supporters, in their hopes of supporting and participating in denial-of-service (DoS) attacks, have unknowingly downloaded Zeus, a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet.

Apparently, a different group of hackers, let's call them Z-hackers, modified a popular Pastebin guide used by Anonymous members for downloading and using the DoS tool Slowloris.  The Z-hackers changed the download link to point to a Trojanized version of the Slowloris tool.  The attack on Anonymous happened the day Megaupload was raided by the FBI.  On the same day, Anonymous posted their own DoS guide on Pastebin, but it also included the Trojanized tool.

When an Anonymous supporter downloads and executes the Trojanized Slowloris tool, a Zeus (also known as Zbot) botnet client is installed.  The malware dropper then attempts to conceal the infection by replacing itself with the real Slowloris DoS tool.

“Zeus is an advanced malware program that cannot be easily removed,” said the Symantec post.  “The Zeus client is being actively used to record and send financial banking credentials and webmail credentials to the botnet operator. Additionally, the botnet is being used to force participation in DoS attacks against Web pages known to be targets of Anonymous hacktivism campaigns.”

“Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen. The joining of malicious financial and identity fraud malware, Anonymous hacktivism objectives, and Anonymous supporter deception is a dangerous development for the online world. We will continue to watch for new developments,” Symantec added.

It’s the latest in a string of confusing developments in technology’s security landscape, where an air of lawlessness still presides.  The Zeus attack is yet another reminder for consumers to be vigilant in their own device protection, changing passwords regularly and maintaining software on their devices.

