S.Korean police: Hackers extracted data in attacks
Posted on 07/13/2009 11:54:23 PM PDT by Jet Jaguar
Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday.
The attacks, in which floods of computers tried to connect to a single Web site at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.
The finding means that hackers not only used affected computers for Web attacks, but also attempted to steal information from them. That adds to concern that contaminated computers were ordered to damage their own hard disks or files after the Web assaults.
Still, the new finding does not mean information was stolen from attacked Web sites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement, they said.
Police reached those conclusions after studying a malicious computer code in an analysis of about two dozen computers, a sample of the tens of thousands of computers that were infected with the virus that triggered the attacks, said An Chan-soo, a senior police officer investigating the cyberattacks. The officer said that only lists of files were extracted, not files themselves.
"It's like hackers taking a look inside the computers," An said. "We're trying to figure out why they did this."
Extracted file lists were sent to 416 computers in 59 countries, 15 of them in South Korea. Police have found some file lists in 12 receiver computers and are trying to determine whether hackers broke into those systems and stole the lists, An said.
(Excerpt) Read more at breitbart.com ...
Who doesn’t think China is behind this?
Thank you for the ping Jet Jaguar.
FRIDAY, JULY 10, 2009
“PCs Used in Korean DDoS Attacks May Self Destruct
Via Washington Post -”
SNIPPET: “According to Joe Stewart, director of malware research at SecureWorks, the malware that powers this attack — a version of the Mydoom worm — is designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads “memory of the independence day,” followed by as many “u” characters as it takes to write over every sector of every physical drive attached to the compromised system.
Stewart said he tested the self-destruct Trojan in his lab and found that it indeed erases the hard drive on the compromised system. For now, however, the Mydoom component isn’t triggering that feature.
“One possibility is there’s a bug in the code and it’s supposed to run but it doesn’t,” Stewart said. “Or, there may be a time factor involved, where it’s not supposed to erase the hard drive until a certain time.””