There's a new open-source Linux-based operating system that is branded with the name of the most famous "hacktivist" group, Anonymous. But members of that group are saying that they did not create it, and that the OS is packaged with Trojans.
The 1.5 GB, Ubuntu-derived OS is called Anonymous OS Live, and it's available via Source Forge in a 32-bit version that is supposed to include various hacker tools, including such Denial of Service apps as Slowloris and HOIC. Source Forge is often used as a repository for software code. The download also contains the security app Wireshark, a BitTorrent client, and the Firefox Web browser.
The alleged authors of the OS included a statement that it was "created for educational purposes," for checking the security of Web pages.
The purported makers also warn users that "if you attack to any Web page, might end up in jail because is a crime in most countries!" Such a warning against attacking a Web site is not characteristic of Anonymous communications, especially since it contains awkward syntax and a smiley-face emoticon.
A key difficulty in assessing the actions of an anonymous group of independent programmers, of course, is knowing who is actually Anonymous and who is not. One source of information, which is considered by many to be reliably from the organization, is the @Anonops account on Twitter, from which have emanated numerous, apparently authentic Anonymous communications in the past.
Tweets from that account have warned against downloading the OS, calling it "fake" and contending that it is "wrapped" in Trojan malware.
Some observers have suggested the OS was generated by a lone individual who used the Ubuntu Live CD Creator app.
Plot for a Cyber-Thriller?
In another sign that the OS creators might be deceptive, they have also included statements on their "anonymous-os" Tumblr micro-blog page that "in our world, in Linux and open source world, there is not virus," which is inaccurate -- not to mention that the language is not typical of the polished communiqués from the PR-conscious Anonymous.
Graham Cluley, senior technology consultant at security firm Sophos, wrote on his company's blog on Thursday that more than 20,000 users may have already downloaded the OS. He wondered "why would anyone want to put their trust in a piece of unknown software, written by unknown people, promoted on an Anonymous Tumblr Web page that you don't know is safe or not?"
In fact, he suggested, such an OS download could be the centerpiece of a cyber-thriller, where, in order to obtain information on the hacktivist network, an OS purporting to be from the mysterious network was made available -- but, in reality, it reported back information on its users. Cluley recalled that, earlier in 2012, a Slowloris Denial of Service tool had been made available to hackers on Anonymous -- and it was infected with Trojans.
That attack was conducted by the group as retailiation for a government raid on the New Zealand-based Megaupload site for violating intellectual property piracy laws.
Posted: 2012-03-18 @ 1:39pm PT
I have a feeling that os does not even hold a candle compared to backtrack.