Anonymous Member Plans Open Source Malware, Automated Tools

By Fahmida Y. Rashid  |  Posted 2011-08-02

Businesses often time big product announcements just before a big technology trade show, so why should hacktivist collective Anonymous be any different?

A few days before the annual hacker conferences Black Hat and DEFcon began in Las Vegas, a solitary developer who claims to be a member of the loose-knit group posted some code for open source malware tools on the text-sharing site PasteBin. The July 31 post discussed a framework for developing malware, a new version of the distributed denial-of-service attack tool used by Anonymous and a set of tools to automate breaking into targeted systems.

The developer, under the name OpenDev, updated the Low Orbit Ion Cannon software used to launch distributed denial-of-service attacks and will make it available to its "members" in September. This version of LOIC, which allows users to simultaneously launch attacks against a designated target, has been renamed to #RefRef.

The new JavaScript tool is designed to use a target's own computing power to help bring it down in a method called resource exhaustion. The previous version of LOIC caused servers to crash by drowning the server with a flood of page requests.

Attacks are launched from the client-side by sending a script along with a normal server to the targeted server.

#RefRef is supposed to hide the attacker's identity better and to be able to run from any device that supports JavaScript, such as mobile devices and gaming consoles. LOIC doesn't hide IP addresses or hide any information, which has helped law enforcement authorities arrest a number of people recently for participating in past Anonymous DDoS operations.

OpenDev also will be releasing AnonWare, a framework for malware development written in C#. The malicious tool automates some of the virus-writing process to make it easier for beginners to get started and more efficient for experienced writers, The TechHerald reported. It can be configured for Windows XP, Windows Vista and Windows 7.

"Ultimately, I would love for it to become the de-facto standard for open source viruses...really hoping that people start sending in code improvements so that AnonWare can begin to reach this goal," OpenDev said in an interview with the publication.

The code snippets pasted on PasteBin are not malicious on their own, but the comments indicate how a developer can use the skeleton to create malicious software.

"Welcome to a new age of where AV software can't pick out the latest tweaks of where the malware is open source and always changing, improving, evading," according to the PasteBin post.

A Sophos threat researcher told the TechHerald that AnonWare was "an unimpressive, amateurish ad-hoc C# compiler that doesn't do much of anything for anyone they couldn't do with a different compiler."

Finally, OpenDev released an "auto-hacking" app called winAUTOPWN that bundles more than 500 exploits for known security flaws in commercial software, executables to run the exploits, a multi-threaded PortScanner and an exploit loading framework. The bundle is designed to be used to crack a target in an automated manner, which will leave fewer tracks and minimize the risks of getting caught.
