'Anonymous OS Live' is fake, full of trojans

An OS that IS A VIRUS? cool

SourceForge have taken it down for now

Did anyone DL'ing this even consider what they were doing? Has everyone forgotten the arch-linux based chimera distro?

If you were a proficient ITsec person, of the type to aid any Anon activities, you would already be using a highly regarded pentest distro. You wouldn't need the spoonfeeding that is this anonym-OS, chimera, or any other, right?

in short, if you need something like anonym-OS, trust that you do not know enough to actually do the things the OS promises you can do with it

Still better than windows right? just kidding.

I don't think this tripe is even endorsed by Anon and if it was it's bait for more pawns. Thanks god I'm not a coder by any stretch of the imagination, so this stuff is of no use to me. However, I'm not so clueless as to know that several of the 'tools' of the trade are also considered virus' or false positives.

Virtual environments area a wonderful thing.

Originally posted by LordRuss:

---

I don't think this tripe is even endorsed by Anon and if it was it's bait for more pawns. Thanks god I'm not a coder by any stretch of the imagination, so this stuff is of no use to me. However, I'm not so clueless as to know that several of the 'tools' of the trade are also considered virus' or false positives.

Virtual environments area a wonderful thing.

---

indeed, Slowloris being the most recent lol. but many dists of LOIC have also added the downloader to a bot

as well as many other tools

also, there have been significant VMWare privilege escalation vulns, and with any suspect distro, normal local security protocols/measures may not be enough

Originally posted by thedead:

---

also, there have been significant VMWare privilege escalation vulns, and with any suspect distro, normal local security protocols/measures may not be enough

---

As I've said in the past... I know quite a bit, but not everything. And to a degree, more than enough to get into trouble. Therefore, let experts (like I assume you to be) like you be the guide. I'm not to old to take notes.

Eyes & ears open... Mouth & ass shut!

I'm an ex Ubuntu dev
and I have yet to find anything bad in it
but be on the look out of a botnet

A Virus or Trojan in a Linux based system? I doubt it very, very much.

Anyone saying that linux cant have virus's is foolish, yes because of the way privilege escalation/sanitisation works in linux is much harder for a virus to take a hold, but not impossible, just a hell of a lot less likely.

https://en.wikipedia.org/wiki/Linux_malware

http://www.geekzone.co.nz/foobar/6229

http://packetstormsecurity.org/UNIX/penetration/rootkits

Ive not looked at the annon os, nor wish to, however it would be nice to see someone actually come up with some proof that its doing naughty things in the background, instead of offering no proof to backup their allegations.

As someone said, vmware escalation, boot sector re-writing, disk scanning, payload (c&c) communications etc would be my first thought of things that would be immediately possible. The os could be a very good way to payload into other things.

Anyone whos ever tried to clean a rootkit from a system will tell you the best way is to boot with another os (live cd) where you have the uppper hand, this is also reversible and is probably also the most easy way to dig into an os when its completely incapable of protecting its own file system.

My advice to anyone is stay well away from the annon os and consider instead running a known and trusted pentest os if thats your cup of tea, if not are your just another wannabe who thinks they are leet cus your can run annon os, haha lets sit back and see what unfolds just for the lulz.

:)

Originally posted by Wolf354:

---

A Virus or Trojan in a Linux based system? I doubt it very, very much.

---

Ah how naive you are

Originally posted by plazma247:

---

Anyone saying that linux cant have virus's is foolish, yes because of the way privilege escalation/sanitisation works in linux is much harder for a virus to take a hold, but not impossible, just a hell of a lot less likely.

https://en.wikipedia.org/wiki/Linux_malware

http://www.geekzone.co.nz/foobar/6229

http://packetstormsecurity.org/UNIX/penetration/rootkits

Ive not looked at the annon os, nor wish to, however it would be nice to see someone actually come up with some proof that its doing naughty things in the background, instead of offering no proof to backup their allegations.

As someone said, vmware escalation, boot sector re-writing, disk scanning, payload (c&c) communications etc would be my first thought of things that would be immediately possible. The os could be a very good way to payload into other things.

Anyone whos ever tried to clean a rootkit from a system will tell you the best way is to boot with another os (live cd) where you have the uppper hand, this is also reversible and is probably also the most easy way to dig into an os when its completely incapable of protecting its own file system.

My advice to anyone is stay well away from the annon os and consider instead running a known and trusted pentest os if thats your cup of tea, if not are your just another wannabe who thinks they are leet cus your can run annon os, haha lets sit back and see what unfolds just for the lulz.

:)

---

If I was injecting something somewhere .... what kind of information do you think I should keep in my PC? credit card number would be alright? (lol)

Credit Card Numbers, Launch codes you name it, I'm sure they will all be fine.

well people, on your box is safer than with companies. Not sure if it reached many news outlets but when PSN was cracked last year, the details were stored on the server in plaintext YES PLAINTEXT.

crazy as it sounds, the above average home user actually has better protection (and sense) than that.

i have an old box laying somewhere, might as well poke around with no danger of info compromise, and report back here or somewhere..

I mean why bother with the distro at all? it just all looks made for fanboys? the supposed creators even stated that , when rumours of viruses came out, with linux "there is not virus"

some greek anon fanboys have created the ultimate anon fanboy OS, else someone could have harnessed one huge, or several multiple bots.

may as well play with it later...

also, nice to know someone else still frequents packetstormsecurity, they always deserve more attention

Originally posted by thedead:

---

well people, on your box is safer than with companies. Not sure if it reached many news outlets but when PSN was cracked last year, the details were stored on the server in plaintext YES PLAINTEXT.

---

Plain text is what most databases are full of but it actually depends on what you are keeping the data for and how you plan to use it.

It's pointless encrypting people's names in a database if it's only people's names.

The credit card detail database didn't get hacked and that data was encrypted like you'd expect but I suspect that would only be the CC number and the ID number and maybe the date for the card, you you would encrypt that database and be far smaller and quicker to access and you can just tie that to a person record.

The above is really easy to do and would only be 2 databases in SQL yet tied together via 1 data record, so kept nice and clean overall.

I'd be more worried about your details being read off your bank card as it has the record in 4 places along the strip and you can piece the strip out of order to still be able to read a complete record all the data of your yourself and your bank account is un-encrypted on your bank card as well.

And you probably happily hand that bank card out to 5+ people everyday to be used in a reader, completely unbenknown to you that it has enough info on it to allow anyone to go and get loans and more credit cards in your name without you ever knowing.