AfterDawn: Tech news

'Anonymous OS Live' is fake, full of trojans

Written by Andre Yoskowitz @ 15 Mar 2012 1:26

The "Anonymous OS Live" open-source operating system is fake and full of Trojans, according to Anonymous.
SourceForge is hosting the 32-bit OS download, which is pre-loaded with a plethora of hacking tools.

The description reads: AOSL was "created for educational purposes, to checking the security of Web pages." Users are also encouraged to "use any tool to destroy any Web page :) If you attack to any Web page, might end up in jail because is a crime in most countries!"

The @AnonOps Twitter account, however, says that the OS is "wrapped in Trojans" and not authorized by the group. So far the OS has been downloaded 37,000 times.

AOSL is built on Ubuntu and many suspect the "Anonymous" branding is just used to bring hits to the page.


15 user comments

#1 15.3.2012 13:29

An OS that IS A VIRUS? cool

#2 15.3.2012 15:25

SourceForge have taken it down for now

#3 15.3.2012 15:28

Did anyone DL'ing this even consider what they were doing? Has everyone forgotten the arch-linux based chimera distro?

If you were a proficient ITsec person, of the type to aid any Anon activities, you would already be using a highly regarded pentest distro. You wouldn't need the spoonfeeding that is this anonym-OS, chimera, or any other, right?

in short, if you need something like anonym-OS, trust that you do not know enough to actually do the things the OS promises you can do with it

This message has been edited since its posting. Latest edit was made on 15 Mar 2012 @ 3:46

#4 15.3.2012 16:31

Still better than windows right? just kidding.

#5 15.3.2012 16:38

I don't think this tripe is even endorsed by Anon and if it was it's bait for more pawns. Thank god I'm not a coder by any stretch of the imagination, so this stuff is of no use to me. However, I'm not so clueless as to know that several of the 'tools' of the trade are also considered viruses or false positives.

Virtual environments are a wonderful thing.

#6 15.3.2012 16:57

Originally posted by LordRuss:
I don't think this tripe is even endorsed by Anon and if it was it's bait for more pawns. Thank god I'm not a coder by any stretch of the imagination, so this stuff is of no use to me. However, I'm not so clueless as to know that several of the 'tools' of the trade are also considered viruses or false positives.

Virtual environments are a wonderful thing.
indeed, Slowloris being the most recent lol. but many dists of LOIC have also added the downloader to a bot

as well as many other tools

also, there have been significant VMWare privilege escalation vulns, and with any suspect distro, normal local security protocols/measures may not be enough

#7 15.3.2012 17:28

Originally posted by thedead:
also, there have been significant VMWare privilege escalation vulns, and with any suspect distro, normal local security protocols/measures may not be enough
As I've said in the past... I know quite a bit, but not everything. And to a degree, more than enough to get into trouble. Therefore, let experts (like I assume you to be) like you be the guide. I'm not too old to take notes.

Eyes & ears open... Mouth & ass shut!

#8 15.3.2012 19:41
feloanon
Unverified new user

I'm an ex Ubuntu dev
and I have yet to find anything bad in it
but be on the lookout for a botnet

#9 15.3.2012 19:55

A Virus or Trojan in a Linux based system? I doubt it very, very much.

#10 16.3.2012 06:17

Anyone saying that linux can't have viruses is foolish. Yes, because of the way privilege escalation/sanitisation works in linux it is much harder for a virus to take a hold, but not impossible, just a hell of a lot less likely.

https://en.wikipedia.org/wiki/Linux_malware

http://www.geekzone.co.nz/foobar/6229

http://packetstormsecurity.org/UNIX/penetration/rootkits

I've not looked at the anon os, nor wish to; however, it would be nice to see someone actually come up with some proof that it's doing naughty things in the background, instead of offering no proof to back up their allegations.

As someone said, vmware escalation, boot sector re-writing, disk scanning, payload (c&c) communications etc would be my first thought of things that would be immediately possible. The os could be a very good way to payload into other things.

Anyone who's ever tried to clean a rootkit from a system will tell you the best way is to boot with another os (live cd) where you have the upper hand; this is also reversible and is probably also the easiest way to dig into an os when it's completely incapable of protecting its own file system.

My advice to anyone is stay well away from the anon os and consider instead running a known and trusted pentest os if that's your cup of tea; if not, are you just another wannabe who thinks they are leet cus you can run anon os? haha, let's sit back and see what unfolds just for the lulz.

:)

#11 16.3.2012 08:31

Originally posted by Wolf354:
A Virus or Trojan in a Linux based system? I doubt it very, very much.
Ah how naive you are

#12 16.3.2012 20:03

Originally posted by plazma247:
Anyone saying that linux can't have viruses is foolish. Yes, because of the way privilege escalation/sanitisation works in linux it is much harder for a virus to take a hold, but not impossible, just a hell of a lot less likely.

https://en.wikipedia.org/wiki/Linux_malware

http://www.geekzone.co.nz/foobar/6229

http://packetstormsecurity.org/UNIX/penetration/rootkits

I've not looked at the anon os, nor wish to; however, it would be nice to see someone actually come up with some proof that it's doing naughty things in the background, instead of offering no proof to back up their allegations.

As someone said, vmware escalation, boot sector re-writing, disk scanning, payload (c&c) communications etc would be my first thought of things that would be immediately possible. The os could be a very good way to payload into other things.

Anyone who's ever tried to clean a rootkit from a system will tell you the best way is to boot with another os (live cd) where you have the upper hand; this is also reversible and is probably also the easiest way to dig into an os when it's completely incapable of protecting its own file system.

My advice to anyone is stay well away from the anon os and consider instead running a known and trusted pentest os if that's your cup of tea; if not, are you just another wannabe who thinks they are leet cus you can run anon os? haha, let's sit back and see what unfolds just for the lulz.

:)
If I was injecting something somewhere .... what kind of information do you think I should keep in my PC? credit card number would be alright? (lol)

#13 16.3.2012 20:22

Credit Card Numbers, Launch codes you name it, I'm sure they will all be fine.

#14 16.3.2012 22:16

well people, on your box is safer than with companies. Not sure if it reached many news outlets but when PSN was cracked last year, the details were stored on the server in plaintext YES PLAINTEXT.

crazy as it sounds, the above average home user actually has better protection (and sense) than that.

i have an old box laying somewhere, might as well poke around with no danger of info compromise, and report back here or somewhere..

I mean why bother with the distro at all? it just all looks made for fanboys? the supposed creators even stated that, when rumours of viruses came out, with linux "there is not virus"

some greek anon fanboys have created the ultimate anon fanboy OS, else someone could have harnessed one huge, or several multiple bots.

may as well play with it later...

also, nice to know someone else still frequents packetstormsecurity, they always deserve more attention

#15 16.3.2012 22:47

Originally posted by thedead:
well people, on your box is safer than with companies. Not sure if it reached many news outlets but when PSN was cracked last year, the details were stored on the server in plaintext YES PLAINTEXT.
Plain text is what most databases are full of but it actually depends on what you are keeping the data for and how you plan to use it.

It's pointless encrypting people's names in a database if it's only people's names.

The credit card detail database didn't get hacked and that data was encrypted like you'd expect but I suspect that would only be the CC number and the ID number and maybe the date for the card, you would encrypt that database and be far smaller and quicker to access and you can just tie that to a person record.

The above is really easy to do and would only be 2 databases in SQL yet tied together via 1 data record, so kept nice and clean overall.

I'd be more worried about your details being read off your bank card as it has the record in 4 places along the strip and you can piece the strip out of order to still be able to read a complete record. All the data of yourself and your bank account is unencrypted on your bank card as well.

And you probably happily hand that bank card out to 5+ people every day to be used in a reader, completely unbeknown to you that it has enough info on it to allow anyone to go and get loans and more credit cards in your name without you ever knowing.
