hmm, reconstructing the timeline of events, the trigger may have been tweet 776497511594860544 after all and it was just misguided antispam
Conversation
Replying to
no, I suspect the domain, people used to advertise the LOIC on twitter during anonops and probably other times
it's ~arguably~ malware (esp. with all the trojaned versions around), and nobody cleans out old antispam lists (source: experience)