[nsp-sec] Korea botnet actually deleting files?
Bill Woodcock
woody at pch.net
Sat Jul 11 17:41:26 EDT 2009
Anybody have any reliable information that this actually happened,
yesterday?
-Bill
>
> Korea DDOS virus mission shifts to destroying, erasing data
>
> PC users in South Korea may soon find their computer files gone
>
> By Martyn Williams
>
> http://www.computerworld.com/s/article/9135369/Korea_DDOS_virus_mission_shifts_to_destroying_erasing_data?taxonomyId=17
>
> (IDG News Service)—They say what goes around comes around
> and on Friday owners of bot-infested PCs in South Korea will
> discover that's true.
>
> The owners of tens of thousands of bot-infested PCs in the
> country – who've resisted calls all week to update or install
> anti-virus software – will likely switch on their PCs on Friday to find
> their data gone, said computer security specialist AhnLab.
>
> From midnight local time (3 p.m. GMT Thursday) the virus,
> which has been attacking prominent U.S. and South Korean government
> and commercial Web sites all week, has been programmed to encrypt
> user data or reformat the hard drive of the PC.
>
> There are still ways to save an infected PC, although if the
> owners have ignored security requests so far they might be unlikely
> to follow AhnLab's recommendations. These involve starting Windows
> in safe-mode by using the boot menu accessed through the F8 key at
> start-up, setting the clock to before July 10 and then rebooting the
> PC normally and updating anti-virus software or performing a free
> scan to erase the virus.
>
> The attacks have been headline news all week in South Korea,
> where casualties have included the top-ranked news Web site, one of
> the leading online auction sites, electronic banking portals of
> several major banks and the home pages of the Ministry of National
> Defense, the president's Web site, the National Assembly and the
> U.S. Forces Korea.
>
> Computer security companies have been urging people to
> update their anti-virus software or download an application to
> perform a free scan but many have, apparently, ignored those requests.
>
> A third wave of attacks on Thursday night overloaded some of
> South Korea's most popular Web sites and showed that the
> bot-infested PC army was still alive and kicking.
>
> But Thursday night's attacks might be the last. This shift
> from attack to destroy may indicate the end of this particular round
> of attacks, which started on July 4 against U.S. sites and hit South
> Korean sites for three days in a row this week.
>
> Little is known about the person or persons controlling the
> virus although computer security experts say the attack itself is
> not particularly sophisticated. That leaves the possible range of
> culprits wide, from individuals with a relatively low level of
> hacking skills to organized groups or governments who might have
> employed a low-tech approach to confuse experts.
>