Korean DDoS Bots To Self-Destruct
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information."
Good day to be a linux/mac user eh? In South Korea the worm eats your data.. doh!
It's all a plot to make people buy Mac
Wow, and I thought only 0 and 1 could actually be written to the hard drive.
Caveat Utilitor
You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.
At least this way they'll get cleaned up and (possibly) patched, right?
Compare it with biological malware. Ebola causes more damage than AIDS, but it's less of a concern, because it kills the host dead pretty quickly. AIDS causes more havoc, because the host survives for such a long time.
about time windows boxes self destructed... people might start to question windows security issues more if their boxes died rather than just slowed down...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Precisely my thought on reading the summary -- good riddance to some severely compromised systems on the one hand, and on the other, I sincerely hope the users gain a clue.
Getting hit with the clue bat hurts. Otherwise, folks tend not to remember.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
If you overwrote a random 50k computers what would you lose besides the ubiquitous personal photos, porn (some of which might be included in the former) and some game saves? Anyone that is at all concerned for the posterity and the permanency of their ideas/data should have been doing backups as soon as they could afford them. There is really no excuse with ubiquitous free and cheap online backup options and SD cards, cheap desktop RAID and even printing if you can manage a paper file system off site. I have no sympathy anymore for people who lose years worth of data with a single point of failure; and, neither should you.
An Education is the Font of All Liberty
Maybe they're just pissed about SC2.
It's already Friday in most time zones. Is this happening?
f(x)=u^U
Crank that.
I'm still running a huge network of unpatched XP SP1 boxes and
I've been trying to figure out whose independence day it is referring to. Based on Wikipedia, it's not Korea's (North or South), China, Japan, the US, or Russia. Nearest I can figure for Friday, July 10th is... the Bahamas?
...Unless it means next Friday, July 17th which celebrates South Korea's Constitution Day; the day that the Korean Constitution was proclaimed in 1948. But, no, clearly it's the Bahamas.
Demented But Determined.
> From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.'
Did the Washington Post writer get this wrong, or is this a misreported urban legend? The "trojan horse" part doesn't make any sense -- the computer is already compromised.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
You know you live in a fucked up country when you collectively hate the Bahamas.
Hats off, Kim Jong-Il. That's going to be a tough one to beat.
A Microsoft patch/tool made...I dunno, four+ years ago could have prevented all of this? You know, if people bothered to install it? Much like...Conflicker(? is this right?) the patch is readily available before the damage really gets underway or done.
Security is not hard people...
For those who seek perfection there can be no rest on this side of the grave.
Sucks to be running Windows.
*gets back to work in gedit*
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
When the infected idiots wake up tomorrow and find that their hard drive was wiped, they'll go out and buy a new computer, and throw their old ones on the curb. And since I need some new parts for my machine...
The correct joke would be:
Everything looks fine !@#-)@^Y^)$_*^*$&@) memory of the independence dayuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
And then the lameness filter would ruin it anyway.
NO.
In fact the S. Korean government is publicly saying that North Korea is to suspect, along with some "pro-North" factions in South Korea.
Or, in terms you are more familiar with: "OMG! TEH TERRORISTS! WHERE IS NATIONAL SECURITY?"
This will be an opportunity for the current government to distract people from their having put our nation into a pile of horseshit, and to round up some anti-government people for being "pro-North" and "hating freedom." Well, yes, *some* of them may be crazy enough to be pro-North, but many will be just innocent citizens who just can't stand any more crap from our current president.
Sounds familiar? Heh.
I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!
I'm surprised they aren't filling the storage with "kekekekekekekekekekekeke"...
The role of the writer is not to say what we can all say, but what we are unable to say. -Anais Nin
I'm pretty sure I'm samemory of the independence day uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
back when we used to fill hard drives with pr0n. Or the word "beable" repeated over and over.
that a repeated sequence of "u" after "memory of the independence day" ...... makes no sense from any point of view.
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU mofo for even thinking about reminding me of that film
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU lost
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU won
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU can have a statue
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU must be joking, I was pissed as a newt!
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU look cute as a panda
well, maybe not the last one . . .
Over at Yahoo ( http://tech.yahoo.com/news/ap/20090710/ap_on_hi_te/as_skorea_cyber_attack ) they are reporting that there are only 86 IP addresses causing the outages:
"SEOUL, South Korea - Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers Friday, amid suspicions North Korea was behind the effort."
Now, I'm a little skeptical that they didn't mean ISP instead of IP, but if it is true that there are only 86 hosts generating this much fanfare, then the network admins should be strung up with cat6 for not just blackholing these punks at the edge router. I guess we get the best govt. IT we can afford, right?
Contrary to popular belief, life is not a bitch. It is far far worse.
Actually it does something useful.
This will teach all negligent users to actually defend against zombifying.
One of my colleagues says, he wouldn't care if his machine is a zombie as long as it doesn't slow the machine significantly.
Patents Drive Free Software as Hurricanes Drive Construction Industry
This will be ugly and exciting at once. First of all, I bet all mob supported worm writers will be fuming, because someone broke silent agreement that there should be no destructive viruses, otherwise people would start to actually care. And if people care => more correctly patched boxes => less possibility to own them => no profit at all.
Second, it will send very interesting message to people who have ignored subject of IT security so far. Imagine company with 100 computers suddenly standing on nothing but the air - no data, no OSes to work with, nothing. Third, I am afraid that some control maniacs (those who usually end with having an actual power to be maniacal) will use it as an excuse to impose more control on Internet. Of course, it will be laughed at by serious IT security specs, but those freaks will freak out and it will be interesting and frightening at same time.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
Thanks for posting. I honestly cannot understand the nasty comments coming from some other people in this thread. A few people making a joke is one thing, but to have dozens of Slashdotters honestly describing this situation as good is rather bizarre.
Even if learning the hard way is the only way for some people, that doesn't mean we have to have no compassion for them.
Insert self-referential sig here.
I'm making that a tee shirt.
"memory of the independence day, uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu"
Seriously, what other country would be likely to attack both the US and S.Korea?
I mean really. Most of the countries that hate one of those at least don't want to antagonize the other or don't give a shit about the other.
On the other hand, if we're all paranoids, it's one of those countries that publicly love both the US and S.Korea but secretly despise them.
...how many people are sitting at their breakfast table, reading this in the newspaper and laughing at the idiots who do not protect their systems properly while their own PC is right now happily writing u's over their downloaded porn.
no sig
Why don't YOU get a clue? Punishing the user of an insecure OS will not do a damn thing. It will not do a damn thing to increase security. There will just be lots of people who are fucking upset because they lost whole heaps of important files or memories (e.g. photos). It is not THEIR fault that windows is so fucked up (is it)? So, why do you take delight in them losing their data?
So, I hit YOU with your so-called "clue bat" and I hope your meagre brain manages to parse it. I hope you remember this.
Cheers,
I'd be scrambling now to get that day off. Failing that, I'll find a doc that writes me a sick leave, if necessary for a bribe. Failing that I'd quit.
There is no way anyone in support will survive that day without a ringing in his ears.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bots and other malware that do no appreciable harm to their hosts have made users complacent about keeping their systems clean (or preferably secure). In the meantime, the collateral damage of spamfloods, spyware, and DDOS attacks has been inflicted on the whole community. An exemplary episode in which the infected machines actually suffer may wake users up again. Windows users are, as usual, the witless accomplices/culprits in this case, but Macs can be just as easily penetrated (demonstrated in the hackfests each year), and poorly administered Linux/BSD/Solaris systems can also be vulnerable.
Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
[Citation Needed]
It's just the new awareness campaign from the BBC, this one with permission ;-)
Maybe it's Tmax Window's marketing campaign.
That's the real "viral" marketing.
Plus, it launched on July 4th, not a particularly significant day for North Koreans...
I find it interesting that I just read a British article on how the health of Kim Jong Il is failing that included the comment:
There are no obvious signs are that Kim Jong Il is in anything less than complete control but close examination of recent internal developments leads many Pyongyang-watchers fear to the conclusion that he appears to be preparing for a transition of power and leaning towards military hardliners instead of the more reform-oriented advisers he favoured earlier.
http://www.timesonline.co.uk/tol/news/world/asia/article6670248.ece
But really, what do they have to lose? The US and Europe have just announced that they will voluntarily kill what remains of their economies. If those "G8" clowns actually manage to carry out their plan, the future belongs to China and India. Actually, considering how much US debt China owns, the US future already belongs to China - bought and paid for.
It's as if a million Windows machines were screaming and were suddenly silenced...
I would even say they are still obsessed and paranoid about the U.S attacking any minute. There are a lot of mentally unstable and brainwashed people in North Korea.
You could say the same thing with s/U.S/terrorists/ and s/North Korea/US/. Brainwashing is in the eye of the beholder...
"We had to bomb that village in order to save it"
"This is NOT an invasion of Cambodia"
"The US is too big to be governed by a single office" (Oh and please reelect me anyway)
"Read my lips, no new taxes"
"I did not have sex with that woman, MS Lewinsky"
"Mission Accomplished!"
"If elected, I'll start withdrawing troops from Iraq in March"
It's truly amazing what sort of brainwashing some people will accept.
As If Millions Of Voices Suddenly Cried Out In Terror And Were Suddenly Silenced
It's Friday where I live now and not seen anything on this anywhere....
The lack of any computers in South Korea still left alive to run Starcraft will cause a country-wide panic. There will be riots on the streets! Blood will run free, mark my words...
Oh Boy!
Sounds like business will be picking up!
Hi, I'm a Mac, and uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu...we're a PC.
I can just see a Windows user getting ineffectually angry when they lose all their data: "Come and see the insecurity inherent in the system!"
Sad for the users that lose precious data, I doubt they backed up if they can't be bothered to do the bare minimum of free AV and free anti-spyware. Still, they get a weekend to back up now, assuming that they're informed in time.
After that there will be a load of restored from install CD Windows XP machines ready to be taken over again.
Where are all the smarties explaining that no virus will wipe out a Windows system for there's too much money to be made by using it as a zombie?
Please, geniuses?
one thing about everybody having what would have been the total computing power of the planet 20 years ago on their desks is that any single person could perpetrate this. either that, or it's another sony rootkit gone wrong ...
Movie-playing appliance
That's called a DVD player. There are also game-playing appliances, but these are typically locked down so tight that works developed by students, hobbyists, and small businesses can't get in through the normal channels.
> Posted by timothy on Fri 10 Jul 01:41AM
> hard drives wiped of data come Friday.
NOW you tell me?!
- For the complete works of Shakespeare: cat
. . . are not going to be able to post about it happening, are they?
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
If people's machines are wiped it will sort of serve them right - people claim they won't run Linux because 'it's not shiny enough' and that they can play games in Windows. Well they can still play the 'today's letter is U game'.
253 comments and no one has offered a clue to those who might have been pwned.
call 'em names if you must but you might throw a rope to someone sinking in the mud.
This might be just a ploy to bluff the owners or writers of the doomsday botnet, to try and reconfigure their servers, and give the people setting up this ploy the ability to rescan the systems they think might be the ping servers, to then compare with the original images they have, and be able to not only confirm which are the payload servers, but also how they might get modified...sort of a bluff technique if you will to indirectly confirm what you might be thinking.
Mod parent redundant.
Nerd rage is the funniest rage.
There should be something like "drivers license" when you are connected to Internet with such speed. People having 2 megabyte/sec lines doesn't install at least a free antivirus, they disable the OS firewall (even when it is free) to run some junk which doesn't use the firewall API of Windows are the ones who really deserves their HD to get wiped.
Man they don't even run Windows Update. It is 1 click! It backs up too. Don't start with how evil MS updates has been, if you are that bugged, please get rid of Windows itself.
I am frustrated as a guy who had to set up a mail filter on Yahoo Mail to get rid of Korean spam. Yes, I have set it up to detect Korean charsets, the "!!!" in subject which Korean spammers seem to love.
Things like
"If...
Body contains "charset="ISO-2022-KR""
Then...
Move message to Trash folder"
Seriously, this must stop. Being highest bandwidth country really gives them some responsibilities. Just like German Autobahn. Yes, there is no speed limit but their license exams are close to torture.
It sounds like an attempt to mitigate the attack by getting complacent users to become worried about their data. I highly doubt anything at all will happen. Besides, why would someone dismantle their own botnet?
> I doubt they backed up if they can't be bothered to do the bare minimum of free AV and free anti-spyware.
A backup doesn't help if the infected files have made their way into the backup. That's why you turn off System Restore on a Windows box if you're trying to clean off a virus or worm; 9 times out of 10, the worm has hidden copies of itself in your backups. But you knew that, didn't you? Didn't you?
Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
Hmm... maybe this is all a secret plot by frustrated web developers trying to rid the world of IE6.
In which case: Go Mydoom!
It's not a small amount, but considering there are 100s of millions of machines around the world it is a pretty small amount.
How many machines out there have a HD failure everyday? I'm guessing it is less than 50,000, but probably not much lower. Google and wiki searching only gave me numbers like 3% annualized failure rate up to 13%.
Once the system is rebooted what kind of error message will they see? OS not Found from the BIOS? I wonder how many users will simply think their hard drive failed.
...or 7/5, or July 5th, or the day after July 4th, "hence memory of the independence day"
it's as if millions of insecure computers suddenly cried out and then fell silent.
since all south korean online banking is done with windows computers, friday will seriously suck.
That's what VMware, Parallels, and Virtual Box are for. Just roll back to a snapshot that isn't infected.
You could probably accomplish the same thing with Deep Freeze (or a similar) product if all you have is straight Windows.
(Of course these are simply workarounds, and not treating the actual root cause of the issue.)
Thanks for writing that. Not that you're going to be able to penetrate the leftist-atheist Slashdot groupthink using actual facts, but thanks for posting it anyway. It's amazing how many people think that Catholicism == all of Christianity. Weird add-ons like transubstantiation are the reason I became a Protestant, actually.
Tired of FB/Google censorship? Visit UNCENSORED!
those are outright lies by politicians. disconnected and ridiculous
in north korea you are talking about a concerted effort since birth to convince your citizens the world outside your borders are full of bloodthirsty tribes ready to destroy you at a moment's notice
not that there doesn't exist people who believe that in the west, but there isn't a concerted effort by the government to create that belief
comparing real brainwashing in north korea with the worst example of demagoguery that you could find in the west: not even remotely in the same league
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
So do you enjoy believing you're a complete puppet whose every act is decided by the omniscient god ?
fell from the sky with pamphlets and smoke, and burned the skin on humans even when submerged under water.
Check your history first before calling North Koreans stupid.
Fact is far stranger than fiction if you decide to open your eyes and ears to the world around you, rather than following the rest of the sheeple around you.
Weather warfare was also used in Viet Nam.
New Orleans has had a real big upheaval in real estate - during and after Katrina.
Global warming is a Great Investment (TM) !
Those users voted for Windows. They funded Windows. They funded Windows application developers. They not only are part of Windows' marketshare, but they caused Windows' market share. They SCREAMED to the market with every dollar and cent that they had: We do not want quality and we will punish any developers who work on security, by purchasing from their competitor, Microsoft, instead of spending our money on stuff that works.
Each of them has known for many years that they are either part of a botnet, or they're still trying to join one.
They created the problem for everyone, and they consented to what happened to themselves.
They are not victims.
To the ones who aren't running this worm yet, ask yourself this: are you compatible with this worm? Has blind luck -- you just didn't happen to get infected this time -- saved you? If so, and you're still running Windows, then you've opted into the next worm. You can choose for this to happen to you, but you can't choose to be a victim, because the act of choosing causes you to not be a victim. Victimhood is all about unwillingness.
If you have already opted in (I don't know why you did that, but you did), you can still opt out, today. Right now. Being malware-free is as easy as Nancy Reagan advised: Just Say No. And the first step is to uninstall your existing malware: Windows itself.
>>Its all a plot to make people buy Mac
God I wish people would stop saying that. You really are going to get people to switch to MAC. Then when MAC starts to hover at 50% of the computer market share, guess which systems are going to get targeted? Yeah, our Macs.
It has always frightened me that a lot of MAC users want to be the majority market share of PCs. I think they are just stuck in the old thinking of more market means more apps ported and better hardware driver support. But they fail to see all the bad sides. Just enjoy being under the radar.
Hey there Psychotria --
Up again now that it's morning here, and I find myself saying, "Oh, dear..." There was no delight in my initial posting, nor any self-satisfied "they're getting what they deserve". My thinking was much more along EdIII's lines. And, FWIW, at least some of my "clue bat" commentary was from personal experience. :S A good part of why I use Windows (and other MS software) as little as possible anymore has to do with being burned, repeatedly. I consider myself lucky that Windows screwed me over back in 2000-01 without the aid of online nasties, prompting me to do the hard work of learning proper setup, configuration, and ultimately a whole different system, well before the current clusterbleep of DIY botnet-for-hire madness arose.
So no, I wasn't intending any derision. Grim sympathy instead, and silver-lining thanks that at least the botnet will cease to exist, quite likely taking other malware offline in the process.
NB: You might want to work on how you perceive tone in writing. None of what you react to was intended, and while I now see how you might be able to read my post that way, it's also important to note that my post could be read multiple other ways as well. Before getting all fired up and throwing around angry language, it could be a good thing to double-check a poster's intent.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
I wondered about that. SELinux sounds like a great idea, so I took Fedora for a spin for a while to see what I could learn about it.
I learned that the documentation was cryptic at best and impenetrable at worst, and that configuration was beyond me. So while the *idea* is fabulous, the execution rendered SELinux unusable to me.
I'm a translator, I don't have truckloads of free time to blow reading poorly written docs. (I acknowledge that there might be great docs out there, but I sure didn't find them.) Until such time as SELinux is either a requirement or the docs are rewritten (and possibly the config tools as well), I find that a proper firewall, log checking, and clueful browsing are doing me just fine. Oh, well.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
HAHA - sorry, looks like the mods didn't get the humor
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
It's still all complete bullshit, with or without the 'weird add-ons'.
The thing on a car that slows you down is a "brake".
You win the Internet.
http://www.digitalempireshop.com/how_do_i_get_rid_of_the_trojan_horse_virus.html
Ha ! My first ever Troll rating ... I spit on your ratings (except those of Funny). Pwah! Pwah! Like that I spit on them. For MS - OS does stand for Oh Shit.
Viva-la OS X
Viva-la Linux
Currently I spit on Google Chrome OS - but hey you never know.
It's not the years, it's the mileage
How can you defend free-will without believing in God?
Either causality exists and your brain is a machine with a determined output to its inputs - or you have a magical soul which can move matter.
Just a curious atheist here...
What about a magical soul that can move matter implies God?
For that matter, several common interpretations of quantum mechanics indicate that the world is not strictly causal. Yet few people claim quantum mechanics implies the existence of a magical soul.
In other words you have a false dichotomy there.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Ahh, but quantum mechanics inserts a belief in randomness, not a strict break in causality.
http://it.slashdot.org/story/09/07/14/1715252/UK-Not-North-Korea-Is-Source-of-DDoS-Attacks
> How can you defend free-will without believing in God?
No problem. Many Worlds Interpretation. Just consider that, and Schrödinger's cat.
That reminds me.
Schrödinger and Heisenberg are driving around when they run over a cat. Asks Schrödinger: "Is it dead?" - "I can't be certain", responds Heisenberg.
Who is General Failure and why is he reading my hard disk?