
South Korean Banks, Media Companies Targeted by Destructive Malware
McAfee Labs | Wednesday, March 20, 2013 at 5:18pm | by Jorge Arias and Guilherme Venere

Posted on 03/21/2013 1:52:08 PM PDT by Ernest_at_the_Beach


A massive computer shutdown of two South Korean banks and media companies occurred Wednesday via an Internet malware attack. The malware wiped out the master boot records on the hard drives of the infected computers, overwriting the MBR with either one of these strings:


Figure 1: Snapshot of MBR after infection.

The attack also overwrote random parts of the file system with the same strings, rendering several files unrecoverable. So even if the MBR is recovered, the files on disk will be compromised too.

After that, the system is forced to reboot via the following command:

That action causes the computers to be unable to start because the MBR is corrupted.

(Excerpt) Read more at blogs.mcafee.com ...


TOPICS: Foreign Affairs; News/Current Events
KEYWORDS: cyberwar; korea; malware; southkorea

1 posted on 03/21/2013 1:52:08 PM PDT by Ernest_at_the_Beach
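A defender-side check for the damage the excerpt describes, as an added example that is not part of the McAfee post or of this thread: it inspects a 512-byte image of sector 0 for a missing boot signature, an implausible partition table, and a short repeating filler. The overwrite strings are not shown on this page, so the `FILLER` pattern and both sample sectors are constructed for illustration.

```python
import struct

SECTOR = 512
PART_TABLE = 446   # four 16-byte partition entries start here
BOOT_SIG = 510     # a valid MBR ends with bytes 0x55 0xAA

def repeating_unit(data, max_len=64):
    """Shortest unit (<= max_len bytes) that tiles all of data, else None."""
    for n in range(1, max_len + 1):
        if all(data[i] == data[i % n] for i in range(n, len(data))):
            return bytes(data[:n])
    return None

def inspect_mbr(sector):
    """Check a 512-byte image of sector 0 for signs of an overwrite."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    sig_ok = bytes(sector[BOOT_SIG:]) == b"\x55\xaa"
    parts = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        # Plausible entry: status 0x00/0x80, non-zero type, non-zero size.
        if status in (0x00, 0x80) and ptype != 0 and count > 0:
            parts.append((ptype, lba_start, count))
    filler = repeating_unit(sector)
    return {"boot_signature_ok": sig_ok, "partitions": parts,
            "filler": filler, "wiped": not sig_ok and filler is not None}

def sample_healthy():
    """Constructed sector: non-repeating 'boot code', one Linux partition."""
    s = bytearray((7 * i + 3) % 251 for i in range(SECTOR))
    s[PART_TABLE:BOOT_SIG] = bytes(64)
    s[PART_TABLE:PART_TABLE + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00\x02\x00", 0x83, b"\xfe\xff\xff", 2048, 204800)
    s[BOOT_SIG:] = b"\x55\xaa"
    return bytes(s)

def sample_wiped():
    """Constructed sector tiled with a placeholder string (not the real one)."""
    return (b"FILLER" * 86)[:SECTOR]

if __name__ == "__main__":
    for name, img in (("healthy", sample_healthy()), ("wiped", sample_wiped())):
        print(name, inspect_mbr(img))
```

A sector image for the check can be taken read-only from a disk or a forensic copy; a zero-filled sector is also reported as wiped, with a one-byte filler.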

To: Ernest_at_the_Beach

Those nasties to the North got the code from China.....


2 posted on 03/21/2013 1:59:50 PM PDT by b4its2late (A Liberal is a person who will give away everything he doesn't own.)

To: b4its2late

More than likely....and the Chinese have been probing our systems.


3 posted on 03/21/2013 2:02:01 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))

To: b4its2late

China is pretty good at it.


4 posted on 03/21/2013 2:02:13 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Ernest_at_the_Beach

Guess who?

5 posted on 03/21/2013 2:05:03 PM PDT by Cicero (Marcus Tullius)

To: ShadowAce; SunkenCiv
Doesn't detail how the malware got activated on the system.
6 posted on 03/21/2013 2:05:04 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))

To: b4its2late

Was traced to a China IP I believe


7 posted on 03/21/2013 2:05:24 PM PDT by dennisw (too much of a good thing is a bad thing --- Joe Pine)

To: Ernest_at_the_Beach

China is doing more than probing. They are actively attacking personal, corporate, and govt computers on a daily basis.

They even hacked the New York Times and were inside for 42 days. They were trying to find out who the sources were for some stories critical of China.


8 posted on 03/21/2013 2:05:35 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: dennisw

NK probably gets its internet from China.


9 posted on 03/21/2013 2:06:13 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: b4its2late; ShadowAce
These may have been servers....from the article:

**********************************EXCERPT**************************************

The malware then drops another file in %TEMP% named “pr1.tmp,” which is a BASH shell script that attempts to perform partition killing on three Unix types: Linux, HP-UX, and SunOS.

10 posted on 03/21/2013 2:12:23 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))

To: Ernest_at_the_Beach
Reuters is reporting that the attack originated from an IP address in China, and it matches the profile of previous attacks.

Reuters via Yahoo article here

11 posted on 03/21/2013 2:19:35 PM PDT by Old Sarge (We are officially over the precipice, we just haven't struck the ground yet...)

To: Ernest_at_the_Beach

But... but... we were always told that Linux was immune, and was superior, and was... and was...


12 posted on 03/21/2013 2:20:25 PM PDT by Old Sarge (We are officially over the precipice, we just haven't struck the ground yet...)

To: All
Chinese internet address involved in S. Korea cyberattack
13 posted on 03/21/2013 2:23:20 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))

To: Old Sarge
Nothing is totally immune.....but nothing is as open to malware as Windows-driven PCs.
14 posted on 03/21/2013 2:30:08 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))

To: Old Sarge
And:

Mac-specific Trojan discovered, injects ads into webpages

15 posted on 03/21/2013 2:36:41 PM PDT by Ernest_at_the_Beach ((The Global Warming Hoax was a Criminal Act....where is Al Gore?))

To: Cicero

Wonder if those guys ***beep*** going thru the detectors at the airport? Heh...


16 posted on 03/21/2013 2:48:07 PM PDT by carriage_hill (The Most Insidious Power The Corrupt, Criminal Media Has, Is The Power To Ignore The Truth.)

To: Ernest_at_the_Beach

Red Chinese....


17 posted on 03/22/2013 9:27:35 AM PDT by b4its2late (A Liberal is a person who will give away everything he doesn't own.)
