Slashdot Mirror
Korean DDoS Bots To Self-Destruct
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia
carries similar information."
You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.
Precisely my thought on reading the summary -- good riddance to some severely compromised systems on the one hand, and on the other, I sincerely hope the users gain a clue.
Getting hit with the clue bat hurts. Otherwise, folks tend not to remember.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
If we're lucky. Odds are MS will use this as an opportunity and say: See why you need Win7? Upgrade now for the measly price of 99.99$.
u in binary (yeah, I know what you meant):
1010 0101
I would have expected
0101 0101
which is "U"
(or 1010 1010, but that doesn't seem to be a nice ASCII character I can type)
Hmm, maybe it is a capitalization error on someones part, or maybe they just like the palindromic nature of 1010 0101?
Let's hope the guy who's good at curing cancer is also good at making backups...
Seriously. It overrides every attached HD. How well does a RAID stand up to that in terms of data protection? Or an attached USB HD?
> From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.'
Did the washington post writer get this wrong, or is this a misreported urban legend? The "trojan horse" part doesn't make any sense -- the computer is already compromised.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Sucks to be running Windows.
*gets back to work in gedit*
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!
Over at Yahoo ( http://tech.yahoo.com/news/ap/20090710/ap_on_hi_te/as_skorea_cyber_attack ) they are reporting that there are only 86 IP addresses causing the outages:
"SEOUL, South Korea -
Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea
used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers
Friday, amid suspicions North Korea was behind the effort."
Now, I'm a little skeptical that they didn't mean ISP instead of IP, but if it is true that there are only 86 hosts generating this much fanfare, then the network admins should be strung up with cat6 for not just blackholing these punks at the edge router. I guess we get the best govt. IT we can afford, right?
Contrary to popular belief, life is not a bitch. It is far far worse.
Actually, it CLEARLY is a plot. It should be pretty obvious to everyone...
It was designed to attack less important government websites, while keeping collateral damage to a minimum... No attempts on the power grid, FAA, etc., and no private companies affected.
Joe Lieberman went up before a room full of press and cameras and said, (roughly) "If this was someone sending us a message, we got it loud and clear."
Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?
And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.
So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and cause a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
It sounds more like the destruction of evidence. But then again, why'd I want to do that if I was already identified as the culprit? What could I gain? If anything, I'd want the attack to continue indefinitly, even after I've been wiped out, so to maximize the damage to my enemy even if I should not survive it.
To anyone playing chess: If you can't save your queen, make sure you can trade it for his.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'd be scrambling now to get that day off. Failing that, I'll find a doc that writes me a sick leave, if necessary for a bribe. Failing that I'd quit.
There is no way anyone in support will survive that day without a ringing in his ears.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bots and other malware that do no appreciable harm to their hosts have made users complacent about keeping their systems clean (or preferably secure). In the meantime, the collateral damage of spamfloods, spyware, and DDOS attacks has been inflicted on the whole community. An exemplary episode in which the infected machines actually suffer may wake users up again. Windows users are, as usual, the witless accomplices/culprits in this case, but Macs can be just as easily penetrated (demonstrated in the hackfests each year), and poorly administered Linux/BSD/Solaris systems can also be vulnerable.
Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Yeah you're not stereotyping at all. You're right, Linux propagation is not about "improving the world's computer safety". Life is not a comic book and we're not IT vigilantes looking to fight the unjust. I'll let you in on a secret, we all use Linux for various reasons. Some because of the copyleft, some because it's free of charge, some because once it's yours it's actually yours and not on lease and others for many other reasons. For me it's more about the terms. I mainly dislike Windows or OS X due to the terms. These terms are strictly due to the policies of each company producing the OSs, thus it is not the software itself but e.g. MS and Apple that make me not want to use it. There are of course other aspects but I believe that they are merely a product of the terms, and that if the terms would change so would these, such as interoperability and freedom of choice rather than dependency.
I am the lawn!
There are two types of people in this world - those who make regular backups and those who have never suffered data loss. The net result is the same, I don't see how data loss through an insecure OS is any different to data loss through theft, fire, HDD failure.
People in IT go on about backups like a mantra, repeating it like Ballmer repeats "Developers! Developers! Chair...er... Developers!". Yet I guarantee you not a single person walking this green earth has ever paid proper attention to that mantra - at least, not until they lost something important.
I don't have a great deal of sympathy for anyone whose data is at serious risk from something like this. They'd have lost it all eventually anyhow, one way or another.
I care because their compromised machines mess with mine.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Point taken. However, most people in the U.S think that their leaders are full of crap. Not much different than most parts of the world.
However, in North Korea, the average citizen has practically zero access to information from the outside.
So if brainwashing was say... at a 3/10 in the U.S, it's a 10/10 in North Korea. I mean, come on, your hands rotting off by picking up a piece of paper? It's not like the levels of bullshit are equal in the scope of the lies they represent or their damage.
I did not bring up the point to say America is "number one" and that our crap does not stink, just wanted to point out that with all the brainwashing going on in North Korea it is fact that the average North Korean hates and fears us. To say that July 4th is not a significant day in their lives is just incorrect. That's all I was sayin'.
No, the havoc is caused because the host survives symptom free for a long time, potentially spreading the disease for years before being tested and diagnosed, especially in less developed countries.
A guy bleeding from his nose, eyes, and ears is a pretty sure sign that you shouldn't shake his hand.
Finally had enough. Come see us over at https://soylentnews.org/
And anything that may get the average S. Korean to take computer security seriously and not roll their eyes dismissively when you make secure practice recommendations, is a plus in my book.
Well, to be frank, Y2K didn't happen partly because it was hype, sure, and partly because everyone jumped on it and if there was serious systems which could fail, they were fixed. Claiming that all it was hot air would be going in same absolutes like claiming that it could have definitely caused end of the world.
This time, I am not so sure that it is Y2K type. It could be pure sensationalism, sure, but such virus can be written by anyone. I simply see it as virus authors so far haven't been interested of causing damage to PCs - mostly because they need them to do their DDoSing and spam spewing.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
It's not a small amount, but considering there are 100s millions of machines around the world it is a pretty small amount.
How many machines out there have a HD failure everyday? I'm guessing it is less than 50,000, but probably not much lower. Google and wiki searching only gave me numbers like 3% annualized failure rate up to 13%.
Once the system is rebooted what kind of error message will they see? OS not Found from the bios? I wonder how many users will simply think their harddrive failed.