The hacker group Anonymous has been quite busy as of late, claiming responsibility fortakedowns of the Department of Justice and numerous record label sites in support of file-sharing site Megaupload, as well as hacking emails and passwords of Syrian government officials. According to Symantec, however, participants in the group’s DDOS attacks may have opened themselves up to being compromised.

@Yungjohnnybravo @TatWZA

The security firm explains that on January 20th — the day Megaupload co-founder Kim Dotcom was arrested — links to the Slowloris DDOS tool were changed on a frequently-shared Anonymous how-to guide. A second guide was also posted to Pastebin with the same link, which led to a trojanized copy that installed the Zeus trojan on users’ systems. The compromised download then replaced itself with a clean version of the tool to avoid detection.

The Zeus trojan collects email login information, banking credentials, and cookies, along with other information, sending them off to a command-and-control server that can also force infected machines to participate in additional DDOS attacks without the user’s direct permission. The tainted link has since been removed from the guides in question, and while it’s unclear how many Anonymous participants may have had their machines compromised, the numbers are certainly daunting. According to Symantec, the link to the second infected Pastebin guide was tweeted 400 times, racking up 26,000 views.

[theverge]