The ‘Anonymous-OS’, an Ubuntu Linux image full of hacking tools released earlier this week, has been denounced as a hoax designed to distribute Trojan malware.
Anonymous-OS has been downloaded from SourceForge over 26,000 times since release and is described as “created for educational purposes, [and] to checking the security of web pages.” The claims and counter-claims about it have sown widespread confusion, leaving the software under suspicion despite a lack of evidence either way.
A Twitter message claiming to speak for Anonymous (that is, the real Anonymous) described it as being “wrapped in Trojans,” an ambiguous criticism that seems to have put many off the software for the time being.
“Just to inform the adventurous ones NOT to download this Live CD ISO image and test it, or even worse, install it on their machines!” stated an anti-sec review on a separate site.
The OS is reported to include a greatest hits mix of DDoS tools including Low Orbit Ion Cannon (LOIC), Slowloris, the Havij SQL injection utility, the John the Ripper password cracker, ParolaPass Password Generator, as well as communication tools such as IRC and Pidgin IM.
The root password is apparently easy to hunt down on Google. The source code has not been made available.
The chance of installing Trojans from Anonymous-OS, which is designed to be used from a CD or USB stick as a live version with a MATE GUI, is remote. Commercial Linux malware is almost unheard of and the operating system's technical audience makes it a poor target in any case.
Backdoors are a more plausible threat but again the audience looks like an odd one to target in this way. The sort of users interested in DIY hacking would be low-hanging fruit when other techie tools such as BackTrack are already well established.
What the small controversy does underline is how Anonymous has become an amorphous brand that almost anyone with an anti-sec bent feels inclined to borrow. Claims to be associated with the hacking group are now so common as to have become almost meaningless.
One journalist who investigated Anonymous, Cole Stryker, recently summed up what has happened to the core of the anti-sec movement in recent times with a withering analysis: "Anonymous is a handful of geniuses surrounded by a legion of idiots."
However loose a coalition of the like-minded it has now become, 'Anonymous' continues to find targets, in recent weeks defacing the website of antivirus company Panda Security and launching a successful DDoS on the Vatican website.