
Is Backdoor.Win32.Bifrose.aajx the 'Fawkes Virus' that Hacktivist Group Anonymous is Working On?

Red flags went up for many computer security analysts when news was released that Anonymous was working on a virus threat. Anonymous is a group of 4chan users, restricted almost exclusively to the /b board (random board) at this online image-sharing notice board. This online organization has been classified by many news sources as an online terrorist group. Anonymous is composed of a large number of computer users who do not reveal their identities. Working together, members of Anonymous have perpetrated a number of pranks online and in the physical world. They have also gained media attention for their protests against Scientology and for several cases of severe online harassment and bullying.

Guy Fawkes, a long-standing symbol for revolutionary causes, is one of Anonymous' most beloved symbols. The Guy Fawkes mask, as portrayed in the movie 'V for Vendetta', remains one of the main identifying characteristics of this online organization. Anonymous is rumored to be working on a virus named after this emblematic character. The Guy Fawkes virus is also known as the malware threat Backdoor.Win32.Bifrose.aajx. With this malware threat, Anonymous is attempting to take down one of the largest social media networks online, Facebook.

Backdoor.Win32.Bifrose.aajx appeared on Facebook in November of 2011, as part of an online scam claiming that it linked to Facebook's new voice chat and video features. This scam is written in Arabic and is intended to target Arabic speakers. When the fraudulent link is clicked, it downloads a compressed file in .zip format which, rather than containing the supposed new Facebook feature, contains Backdoor.Win32.Bifrose.aajx. Once installed, Backdoor.Win32.Bifrose.aajx acts as a typical backdoor Trojan. It gives a hacker control over the infected computer, has the capacity to keep track of keystrokes and online activity, and blocks known anti-malware applications from functioning correctly.

Some security researchers are reluctant to believe that the Anonymous hacker group, with its Fawkes Virus, is the culprit behind the recent Facebook spam attacks. Moreover, a note posted by 'AnonymousWiki' on Pastebin, a network for sharing trending pastes, denied that Anonymous or the Fawkes Virus was behind the Facebook outbreak. Given that denial, and considering that the recent rash of Facebook spam includes explicit hardcore porn content, it would be only speculative to think that the Fawkes Virus and Anonymous are responsible. On the other hand, fingers point at Anonymous because of their previous pledge to take down Facebook on November 5th, Guy Fawkes Day.

Backdoor.Bifrose.aajx lacks the self-replication component common to threats that conduct attacks on a social network as vast as Facebook. Moreover, successful strategies against Facebook have involved a worm backed by a well-thought-out social engineering strategy. That combination is usually the key component for initiating a spamming campaign or attack on Facebook, and Backdoor.Bifrose.aajx lacks it.

A video posted to YouTube by the Anonymous group explains, in a dull computerized voice, their intentions for initiating an attack using the Fawkes Virus.

Although Anonymous has claimed that they are working on a self-replicating virus, Backdoor.Win32.Bifrose.aajx is better classified as a Trojan backdoor since it cannot replicate itself or spread without outside help. Backdoor.Win32.Bifrose.aajx connects to a server located in Egypt, from which it receives updates. It also relays information about the infected computer system to an outside source. To avoid the Guy Fawkes virus, it is essential to be careful about clicking unknown or suspicious links found on Facebook, in spam email, or on other social media networks.
