Yesterday we reported that, for reasons that we couldn’t entirely understand, Anonymous had released its own Linux distribution.
Not long after, one of the active Anonymous Twitter accounts tweeted that the operating system is in fact fake, and is “wrapped in Trojans”.
The Anon OS is fake it is wrapped in trojans. RT
— AnonOps (@anonops) March 15, 2012
The OS has been downloaded over 20,000 times in less than four days, and while a couple of the comments on SourceFourge indicate that it is fake, it still has a user rating of 62%, with 37 users giving it the thumbs up.
Seeing lots of news about just-released purported “Anonymous OS.” BE CAREFUL! Remember the Zeus Trojan incident w/Slowloris recently!
— Anonymous (@YourAnonNews) March 15, 2012
Whoever is behind the OS has shot back with a post, saying:
The #anonops on their twitter account say “That Anonymous-OS is wrapped in trojans.”
Please people… in our world, in Linux and opensource world, there is not virus.
If any user believe that Anonymous-OS “is wrapped in trojans” or “backdoored OS by any Law enforcement Company or Hacker” please don’t download it!
But don’t mislead the world that Linux is dangerous and has trojans!
It’s also worth noting that in the original post announcing the OS, the well-known Anonymous slogan has seen a slight change (emphasis is our own):
We are Anonymous.
We do not forgive.
We do not forget.
Don’t expect us, we are already here!
The departure from the typical Anonymous sign off could be an indication that there is definitely more here than meets the eye.
UPDATE: SourceForge has posted an official response to the project, detailing that it is a security risk and has been taken down. Here are some highlights from the post, bolded by us:
SourceForge, and the Open Source community as a whole, values transparency, particularly where issues of security are involved. This project isn’t transparent with regard to what’s in it. It is critical that security-related software be completely open to peer review (i.e., by providing source code), so that risks may be assessed along with benefits. That is not available in this case, and the result is that people are taking a substantial risk in downloading and installing this distribution.
Furthermore, by taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old.
We have therefore decided to take this download offline and suspend this project until we have more information that might lead us to think differently.
Either way, whether fake or not, as we advised earlier, it’s definitely not worth taking the risk of downloading the OS, no matter how curious you happen to be.