Some Anonymous members have been coughing up their login credentials for bank accounts, email services, and what-have-you by participating in the group's DDOS attacks.

The enemy of my enemy is my friend, right?

Victims of the various cyber-attacks by members of the hacktivist group Anonymous are undoubtedly enjoying a bit of schadenfreude this weekend, as a new report from Symantec indicates that some Anonymous members have been tricked into downloading and running a fairly unpleasant Trojan alongside one of their distributed denial-of-service tools.

"In these DDoS attacks, supporters using the Low Orbit Ion Cannon denial-of-service (DoS) tool would voluntarily include their computer in a botnet for attacks in support of Anonymous," Symantec writes.

"In the wake Anonymous member arrests this week, it is worth highlighting how Anonymous supporters have been deceived into installing Zeus botnet clients purportedly for the purpose of DoS attacks. The Zeus client does perform DoS attacks, but it doesn't stop there. It also steals the users' online banking credentials, webmail credentials, and cookies."

The Trojan problem's a fairly recent occurrence, as it allegedly popped up the day after Anonymous members launched online counter-offensives in retaliation for the loss of the site Megaupload (and the international arrest of its key management). An anonymous user changed a download link on January 20 within one of the Pastebin-based "How to use Slowloris" tutorials, one of Anonymous' DOS utilities, and pointed it to a Zeus botnet client instead.

"After installation of the Zeus botnet client, the malware dropper attempts to conceal the infection by replacing itself with the real Slowloris DoS tool," Symantec writes. "Zeus is an advanced malware program that cannot be easily removed. The Zeus client is being actively used to record and send financial banking credentials and webmail credentials to the botnet operator."

Symantec's listed out proof of the attack on its blog post: cookies, banking credentials, and a user's Gmail login and password that were all intercepted via decrypted HTTP Post messages sent between infected Anonymous members and the Trojan's "command and control" server.

And the irony? The Trojan still allowed Anonymous members to perform the denial-of-service attacks they had planned to launch. Or, as Gizmodo's Andrew Tarantola puts it, " congratulations script kiddies, I'm sure the satisfaction of knocking a few websites offline for a couple of hours in that online tantrum was totally worth opening your collective wallets to the Internet."

For more tech tidbits from David Murphy, follow him on Facebook or Twitter (@thedavidmurphy).