A new operating system brimming with Anonymous’ ubiquitous imagery sprouted up briefly this week as a free download. The software, which featured DDoS and hacking information wrapped up neatly in a Linux bow, was also full of something else: trojans.
Soon after the OS debuted, the hacker collective took to Twitter to distance itself from the virus-packed upload and warn off potential downloaders.
“The Anon OS is fake, it is wrapped in trojans,” AnonOps wrote Wednesday, requesting its nearly 300,000 followers to retweet the information.
Another Anonymous outlet, YourAnonNews, had no sympathy for the gullible folks who downloaded it. “We are not responsible for other people’s lack of common sense,” it wrote on Thursday, adding that the group had “repeatedly” warned against downloading the OS.
Graham Cluley, a technology consultant for cyber security company Sophos, agreed with the sentiment.
“Anonymous OS isn’t a threat to the average guy in the street or to office workers, the only people who might be impacted by it are those who are foolish enough to knowingly install unknown software onto their computers,” Cluley wrote at Sophos’ Naked Security blog.
SourceForge, the open-source depot that hosted the fake Anonymous OS, removed the software once operators realized something was fishy. The site’s community team issued a statement explaining the decision:
SourceForge, and the Open Source community as a whole, values transparency, particularly where issues of security are involved. This project isn’t transparent with regard to what’s in it. It is critical that security-related software be completely open to peer review (i.e., by providing source code), so that risks may be assessed along with benefits. That is not available in this case, and the result is that people are taking a substantial risk in downloading and installing this distribution.
Furthermore, by taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old.
We have therefore decided to take this download offline and suspend this project until we have more information that might lead us to think differently. We’ll be in touch with the project admin, and let you know if and when we find out anything to contrary, but for now, that’s what we’re doing.
The myriad warnings didn’t reach some. IT news site eWeek reports that more than 37,000 people downloaded the OS prior to its removal.