Is New Self-Styled Anonymous Toolkit a Trojan Horse?

An unnamed programmer is promoting a do-it-yourself kit for hacking and remaining undetected online aimed at aspiring Anonymous hacktivists, security experts are warning.

On Wednesday, an individual purporting to be a member of the hacker activist group Anonymous made freely available online a package of software, including password crackers and mechanisms for knocking websites off line. One application called "high-orbit ion canon," or HOIC, is used to launch denial of service attacks that jam websites by paralyzing Web servers with useless traffic.

"The new distribution comes loaded with tools useful to hackers, security researchers and those interested in preserving their anonymity online," states a report by the Kaspersky Lab Security News Service.

The so-called operating system "Anonymous-OS" is offered on a site emblazoned with the hallmarks of Anonymous, including misspellings, the motto "We are Anonymous.

We are Legion. . . . Expect Us!" and the iconic Guy Fawkes mask. But it is unclear whether the package is the work of an organized movement or a rogue hacker.

The appearance of the toolkit comes on the heels of a well-publicized crackdown on Anonymous in which the FBI captured five Anonymous members and a sixth member-turned-informant pled guilty.

One Twitter account associated with Anonymous warned followers that the software suite could be a ruse intended to infect activists' computers: "Seeing lots of tweets about purported 'Anonymous OS' released earlier. BE CAREFUL! Remember the Zeus Trojan incident w/Slowloris recently!" A recent version of the denial of service application Slowloris tricked Anonymous supporters by installing "Zeus" malicious software, which steals a user's online credentials and banking information.

Security expert Brian Krebs, a former Washington Post reporter, retweeted the message later in the day.

The site carrying Anonymous-in-a-box provides a tongue-in-cheek disclaimer, "Created for educational purposes, to checking the security of web pages. Please don't use any tool to destroy any web page :) If you attack to any web page, might end up in jail because is a crime in most countries!"

Some of the downloads, including Sqlmap and Havij, can help find site vulnerabilities for hackers to exploit. One item, Admin Finder, scours for webpages that let outsiders login as site administrators. There are tools for accessing Tor, a Web navigation system that allows users to hide their digital tracks. And there is XChat IRC, an application that lets an individual participate in multiple hacker chatrooms at once. John the Ripper is an aptly-named password cracker, while Wireshark is a well-meaning network analysis tool that can be misused to extract passwords.