A SECURITY OUTFIT has identified what it thinks is the Guy Fawkes virus that hacker group Anonymous is working on.
Bitdefender claims that it has identified a piece of malware that looks and acts like the virus that the group was talking about last week when it said that the powerful malware could be used to wreak havoc at Facebook.
Razvan Livintz, an e-threats analyst at Bitdefender blogged that the firm had found a piece of malware that for now it is calling backdoor-Bifrose-AAJX.
Like the Guy Fawkes code, this software was first spotted early in July, which tallies with the statement from Anonymous.
"The same day, it appeared on Facebook under the guise of a scam purporting to offer a "New Facebook Video Chat with Voice Features", according to its description (which, by the way, is in Arabic), if the unwary user follows a link and downloads an archive named scan_facebook.zip," said Livintz.
"Once it compromises a system, Backdoor-Bifrose-AAJX does pretty much what the hacktivists say, which is: injects itself in IE process, provides a remote attacker unhindered access to the compromised system, records keystrokes and kills several processes of known anti malware solutions, if installed on the computer."
This malware does not have self replication features, like the one Anonymous was talking about, and it connects to a remote server in Egypt, which was not mentioned in the Anonymous video.
"So far, although this threat resembles pretty well what Anonymous purports to be their ultimate weapon in the battle against other groups or individuals undermining their interests, it maintains quite a low profile," added the Bitdefender blogger.
"Is Anonymous trying to hoodwink us? Does such malware actually exist? If it does, did Anonymous actually release it or are they just trying to evaluate users' reaction to such a threat?"
Last week Anonymous said that it was working on getting the virus under control, adding that once it did it would use it against its opponents. µ
Well, that's something
Two gigs is the new one gig
Passwords like '123456' and 'Password' won't be allowed