The arrest of Megaupload’s Kim Dotcom has upset Anonymous greatly, and they have been busy ever since the Megaupload takedown incident. In protest, the Anonymous took down the US Department of Justice website, a number of other record label websites and the Federal Bureau of Investigation website. This was their single largest attack ever.

However, a lesser-known fact has surfaced recently. Symantec studied the DDoS tools used by Anonymous, and found that the version of Slowloris they were using was in fact, infected with a Trojan itself!

Robert Hansen who goes by the alias RSnake wrote Slowloris. It is extremely effective for DDOS attacks on low bandwidth.

After Megaupload was shutdown, Anonymous circulated a list of tools to use for hacktivist operations. However, they (seemingly unintentionally) link to a remastered version of the Slowloris tool. On discovery of the exploit, Symantec said,

Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.

Elaborate efforts have gone into shutting down Zeus but it keeps coming back always. Riding on the rage of the people against the Megaupload shutdown, the Zeus command and control center gobbled up bank account information, email accounts, cookies and a lot more.

After the matter became public, the link to Slowloris has been removed and it has definitely alerted the victims of this situation. Over the last few days, we will see many fresh OS installs and bank and email account credential changes. Will the Anonymous take revenge? Will we get to see a Zeus vs. Anonymous now?