Korean DDoS Bots To Self-Destruct
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information."
Good day to be a Linux/Mac user, eh? In South Korea the worm eats your data.. doh!
It's all a plot to make people buy Macs.
Wow, and I thought only 0 and 1 could actually be written to the hard drive.
Caveat Utilitor
You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.
At least this way they'll get cleaned up and (possibly) patched, right?
Compare it with biological malware. Ebola causes more damage than AIDS, but it's less of a concern, because it kills the host dead pretty quickly. AIDS causes more havoc, because the host survives for such a long time.
About time Windows boxes self-destructed... people might start to question Windows security issues more if their boxes died rather than just slowed down...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Precisely my thought on reading the summary -- good riddance to some severely compromised systems on the one hand, and on the other, I sincerely hope the users gain a clue.
Getting hit with the clue bat hurts. Otherwise, folks tend not to remember.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
It's already Friday in most time zones. Is this happening?
I'm still running a huge network of unpatched XP SP1 boxes and
Let's hope the guy who's good at curing cancer is also good at making backups...
Seriously. It overrides every attached HD. How well does a RAID stand up to that in terms of data protection? Or an attached USB HD?
I've been trying to figure out whose independence day it is referring to. Based on Wikipedia, it's not Korea's (North or South) China, Japan, the US, or Russia. Nearest I can figure for Friday, July 10th is... the Bahamas?
...Unless it means next Friday, July 17th which celebrates South Korea's Constitution Day; the day that the Korean Constitution was proclaimed in 1948. But, no, clearly it's the Bahamas.
Demented But Determined.
> From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.'
Did the washington post writer get this wrong, or is this a misreported urban legend? The "trojan horse" part doesn't make any sense -- the computer is already compromised.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
You know you live in a fucked up country when you collectively hate the Bahamas.
Hats off, Kim Jong-Il. That's going to be a tough one to beat.
Sucks to be running Windows.
*gets back to work in gedit*
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
The correct joke would be:
Everything looks fine !@#-)@^Y^)$_*^*$&@) memory of the independence dayuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
And then the lameness filter would ruin it anyway.
NO.
In fact the S. Korean government is publicly saying that North Korea is suspect, along with some "pro-North" factions in South Korea.
Or, in terms you are more familiar with: "OMG! TEH TERRORISTS! WHERE IS NATIONAL SECURITY?"
This will be an opportunity for the current government to distract people from their having put our nation into a pile of horseshit, and to round up some anti-government people for being "pro-North" and "hating freedom." Well, yes, *some* of them may be crazy enough to be pro-North, but many will be just innocent citizens who just can't stand any more crap from our current president.
Sound familiar? Heh.
I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!
I'm surprised they aren't filling the storage with "kekekekekekekekekekekeke"...
The role of the writer is not to say what we can all say, but what we are unable to say. -Anais Nin
that a repeated sequence of "u" after "memory of the independence day" ...... makes no sense from any point of view.
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU mofo for even thinking about reminding me of that film
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU lost
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU won
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU can have a statue
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU must be joking, I was pissed as a newt!
memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU look cute as a panda
well, maybe not the last one . . .
Over at Yahoo ( http://tech.yahoo.com/news/ap/20090710/ap_on_hi_te/as_skorea_cyber_attack ) they are reporting that there are only 86 IP addresses causing the outages:
"SEOUL, South Korea - Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers Friday, amid suspicions North Korea was behind the effort."
Now, I'm a little skeptical that they didn't mean ISP instead of IP, but if it is true that there are only 86 hosts generating this much fanfare, then the network admins should be strung up with cat6 for not just blackholing these punks at the edge router. I guess we get the best govt. IT we can afford, right?
Contrary to popular belief, life is not a bitch. It is far far worse.
Actually it does something useful.
This will teach all negligent users to actually defend against zombifying.
One of my colleagues says he wouldn't care if his machine is a zombie as long as it doesn't slow the machine down significantly.
Patents Drive Free Software as Hurricanes Drive Construction Industry
This will be ugly and exciting at once. First of all, I bet all mob-supported worm writers will be fuming, because someone broke the silent agreement that there should be no destructive viruses, otherwise people would start to actually care. And if people care => more correctly patched boxes => less possibility to own them => no profit at all.
Second, it will send a very interesting message to people who have ignored the subject of IT security so far. Imagine a company with 100 computers suddenly standing on nothing but air - no data, no OSes to work with, nothing. Third, I am afraid that some control maniacs (those who usually end up having actual power to be maniacal with) will use it as an excuse to impose more control on the Internet. Of course, it will be laughed at by serious IT security specs, but those freaks will freak out and it will be interesting and frightening at the same time.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
Thanks for posting. I honestly cannot understand the nasty comments coming from some other people in this thread. A few people making a joke is one thing, but to have dozens of Slashdotters honestly describing this situation as good is rather bizarre.
Even if learning the hard way is the only way for some people, that doesn't mean we have to have no compassion for them.
Insert self-referential sig here.
I'm making that a tee shirt.
"memory of the independence day, uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu"
Why don't YOU get a clue? Punishing the user of an insecure OS will not do a damn thing. It will not do a damn thing to increase security. There will just be lots of people who are fucking upset because they lost whole heaps of important files or memories (e.g. photos). It is not THEIR fault that Windows is so fucked up (is it)? So, why do you take delight in them losing their data?
So, I hit YOU with your so-called "clue bat" and I hope your meagre brain manages to parse it. I hope you remember this.
Cheers,
I'd be scrambling now to get that day off. Failing that, I'll find a doc that writes me a sick leave, if necessary for a bribe. Failing that I'd quit.
There is no way anyone in support will survive that day without a ringing in his ears.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bots and other malware that do no appreciable harm to their hosts have made users complacent about keeping their systems clean (or preferably secure). In the meantime, the collateral damage of spamfloods, spyware, and DDOS attacks has been inflicted on the whole community. An exemplary episode in which the infected machines actually suffer may wake users up again. Windows users are, as usual, the witless accomplices/culprits in this case, but Macs can be just as easily penetrated (demonstrated in the hackfests each year), and poorly administered Linux/BSD/Solaris systems can also be vulnerable.
Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
If the guy with the cancer cure isn't making backups, his "cure" is gonna be just as careless.
How many times do we have to tell you: it isn't a backup until it's disconnected from the machine, and it isn't a safe backup until it's with the neighbour ACROSS the street (or at least in the car boot (trunk) on the street).
Security is not hard people...
Wait a second here. You can't have both. Either you dumb down the OS or you smarten people up. It's that simple. You want people to wipe their own asses? Then quit wiping it for them.
I am the lawn!
RAID isn't a backup / data protection measure, so it's irrelevant. It contributes to high availability, nothing more.
Only big ligs use sigs.
If you have a disk-to-disk backup solution, most likely both sets of data will be hosed from this virus. Unless backups take place on tape, or the drives are rotated for off-site safety, the victim is fucked!
As much I'm happy to hear this virus self destruct, no one deserves irrecoverable data loss.
The hardware abstraction doesn't matter if all the virus does is make read/write calls using the OS like any other application. In other words, if Windows has a volume mounted, then the virus will be able to see it and whack it out of commission.
Life is not for the lazy.
Maybe it's Tmax Window's marketing campaign.
That's the real "viral" marketing.
Plus, it launched on July 4th, not a particularly significant day for North Koreans...
I find it interesting that I just read a British article on how the health of Kim Jong Il is failing that included the comment:
There are no obvious signs that Kim Jong Il is in anything less than complete control, but close examination of recent internal developments leads many Pyongyang-watchers to the conclusion that he appears to be preparing for a transition of power and leaning towards military hardliners instead of the more reform-oriented advisers he favoured earlier.
http://www.timesonline.co.uk/tol/news/world/asia/article6670248.ece
But really, what do they have to lose? The US and Europe have just announced that they will voluntarily kill what remains of their economies. If those "G8" clowns actually manage to carry out their plan, the future belongs to China and India. Actually, considering how much US debt China owns, the US future already belongs to China - bought and paid for.
I would even say they are still obsessed and paranoid about the U.S attacking any minute. There are a lot of mentally unstable and brainwashed people in North Korea.
You could say the same thing with s/U.S/terrorists/ and s/North Korea/US/. Brainwashing is in the eye of the beholder...
"We had to bomb that village in order to save it"
"This is NOT an invasion of Cambodia"
"The US is too big to be governed by a single office" (Oh and please reelect me anyway)
"Read my lips, no new taxes"
"I did not have sex with that woman, MS Lewinsky"
"Mission Accomplished!"
"If elected, I'll start withdrawing troops from Iraq in March"
It's truly amazing what sort of brainwashing some people will accept.
The lack of any computers in South Korea still left alive to run Starcraft will cause a country-wide panic. There will be riots on the streets! Blood will run free, mark my words...
Hi, I'm a Mac, and uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu...we're a PC.
I can just see a Windows user getting ineffectually angry when they lose all their data: "Come and see the insecurity inherent in the system!"
Sad for the users that lose precious data, I doubt they backed up if they can't be bothered to do the bare minimum of free AV and free anti-spyware. Still, they get a weekend to back up now, assuming that they're informed in time.
After that there will be a load of restored from install CD Windows XP machines ready to be taken over again.
If you have a disk-to-disk backup solution, most likely both sets of data will be hosed from this virus. Unless backups take place on tape, or the drives are rotated for off-site safety, the victim is fucked!
Any backup, be it tape, disk or CD/DVD/BD/HVD or any backup media, will still back up malware, and if you recover you are still going to get that malware back. The only way you can recover from malware is to have backed-up data that does not have it on, and that can be difficult once the target machine has been infected, because normally you won't know when you got infected.
For many infected PCs, or any computer for that matter, the best recovery is one you know does not contain any malware, or if unsure, actually do a fresh build. For MS machines that may be the initial (one-time) backup, if this was originally done. Of course your data would most likely be compromised or even deleted, and a bare-metal recovery will just get back the base OS, not the data. Even if you use virtualisation you should have a pristine snapshot, but you may only be able to get back compromised user data.
Regular backups are really required for the OS and the user's data; however, once an MS machine is compromised the users are in trouble, especially if the person who downloaded the malware is working with Admin privileges, which unfortunately most MS Windows users do.
As far as RAID or even SAN go, you are dead right: once storage devices are seen by the malware they can be easily compromised, providing the malware has the necessary privileges. This is not to say Linux/Unix systems can't be compromised; they can, but most (hopefully) users on *nix systems (OS X is Unix) don't work with Admin privileges, and therefore any damage that could be inflicted by malware is dramatically reduced. Actually, another thing that reduces the possibility of malware attacks on *nix machines is the fact that it is very hard for malware to hide itself against a determined System Admin.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
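An added example, not from the thread or any of its posters, of the "known-good record kept elsewhere" idea in the post above: hash every file in a backup set when the backup is taken, keep that manifest off the machine (a different host, a USB stick in a drawer), and before restoring, compare the set on disk against it. A backup volume that was mounted when a wiper ran shows up as modified or missing entries, and files copied in after the manifest was recorded show up as unexpected. The directory tree, its contents and the simulated overwrite are constructed here so the example runs offline. The check tells you whether the backup still matches what you recorded, not when the infection started; the known-good date is whatever date you trust the manifest from.

```python
import hashlib
import json
import os
import tempfile

WIPER_MARKER = b"memory of the independence day"  # the string reported in the thread


def hash_file(path, chunk_size=65536):
    """SHA-256 of one file, streamed so large backup files need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map of relative path -> SHA-256 for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def save_manifest(manifest, path):
    """Write the manifest as JSON. This file is the one that must leave the machine."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def verify(root, manifest):
    """Compare the backup set on disk with a previously recorded manifest."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo():
    """Constructed scenario: record a manifest, then simulate the backup volume being
    reachable when the wiper runs. Returns (before, after) verification results."""
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as offsite:
        # constructed backup set
        os.makedirs(os.path.join(backup, "docs"))
        with open(os.path.join(backup, "docs", "thesis.txt"), "wb") as fh:
            fh.write(b"chapter one\n")
        with open(os.path.join(backup, "photos.bin"), "wb") as fh:
            fh.write(bytes(range(256)) * 4)

        # the manifest goes to the "offsite" location, not next to the data
        offsite_copy = os.path.join(offsite, "manifest.json")
        save_manifest(build_manifest(backup), offsite_copy)
        before = verify(backup, load_manifest(offsite_copy))

        # Simulate the wiper reaching the mounted backup volume: the photo archive is
        # overwritten with the reported marker plus filler, the document is gone, and
        # a later backup run has copied in a file that was never in the manifest.
        with open(os.path.join(backup, "photos.bin"), "wb") as fh:
            fh.write(WIPER_MARKER + b"u" * (1024 - len(WIPER_MARKER)))
        os.remove(os.path.join(backup, "docs", "thesis.txt"))
        with open(os.path.join(backup, "dropped.bin"), "wb") as fh:
            fh.write(b"copied after the manifest was taken\n")

        after = verify(backup, load_manifest(offsite_copy))
        return before, after


if __name__ == "__main__":
    clean, hosed = demo()
    print("before:", clean)
    print("after: ", hosed)
```

In practice the manifest is produced by the backup job on a clean host and copied somewhere the backed-up machine cannot write to; a manifest stored on the same mounted volume is overwritten along with everything else and proves nothing.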
RAID is a partially-effective data protection measure - it does protect against certain scenarios for data loss (namely loss of a physical device). Your data is generally safer on a RAID than not (although it does introduce a new point of failure - the RAID software/hardware itself). However, I do agree with what you're getting at - it certainly shouldn't be used as the sole method of protecting important data.
Not having read the source to the worm I can't be sure, but I suspect that if the worm writes out a string of u's to every sector on the system's "hard drive", the RAID controller will dutifully replicate that data across all the redundant drives, wiping out all traces of the original data. RAID is useless for protecting against logical data loss.
The only true backup solution involving RAID would be having a rotating stack of raid-1 mirror devices that are rebuilt and then taken offline. That really is just a fancy way of doing a physical-level drive mirroring operation. It isn't necessarily a bad approach either since it solves the problem of how to replicate the system without taking it down. On the other hand, it isn't guaranteed to be corruption-free unless at the end of the backup operation something is done to force all open applications to clean themselves up (disk-wise) right before the mirror is severed. In reality there are other approaches that work better.
Seriously. It overrides every attached HD. How well does a RAID stand up to that in terms of data protection?
Well, all of the HDs in the RAID are still functional hardware, so the RAID is working 100% and has done its job.
No problems there whatsoever!
This is why RAID != Backup
One thing about everybody having what would have been the total computing power of the planet 20 years ago on their desks is that any single person could perpetrate this. Either that, or it's another Sony rootkit gone wrong ...
Movie-playing appliance
That's called a DVD player. There are also game-playing appliances, but these are typically locked down so tight that works developed by students, hobbyists, and small businesses can't get in through the normal channels.
> Posted by timothy on Fri 10 Jul 01:41AM
> hard drives wiped of data come Friday.
NOW you tell me?!
- For the complete works of Shakespeare: cat
Maybe it's some kind of dead man's switch. The guy who released that worm may be in prison/dead and therefore never had time to replace the destructive payload that is going to be downloaded with some more "constructive" code (e.g. newer version of the worm with new targets).
. . . are not going to be able to post about it happening, are they?
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
If people's machines are wiped it will sort of serve them right - people claim they won't run Linux because 'it's not shiny enough' and that they can play games in Windows. Well, they can still play the 'today's letter is U' game.
This might be just a ploy to bluff the owners or writers of the doomsday botnet into trying to reconfigure their servers, and give the people setting up this ploy the ability to rescan the systems they think might be the ping servers, then compare with the original images they have, and be able to confirm not only which are the payload servers but also how they might get modified... sort of a bluff technique, if you will, to indirectly confirm what you might be thinking.
There should be something like a "driver's license" when you are connected to the Internet at such speed. People with 2 megabyte/sec lines who don't install at least a free antivirus, who disable the OS firewall (even when it is free) to run some junk which doesn't use the firewall API of Windows, are the ones who really deserve to have their HD wiped.
Man, they don't even run Windows Update. It is 1 click! It backs up too. Don't start with how evil MS updates have been; if you are that bugged, please get rid of Windows itself.
I am frustrated as a guy who had to set up a mail filter on Yahoo Mail to get rid of Korean spam. Yes, I have set it up to detect Korean charsets and the "!!!" in the subject which Korean spammers seem to love.
Things like
"If...
Body contains "charset="ISO-2022-KR""
Then...
Move message to Trash folder"
Seriously, this must stop. Being the highest-bandwidth country really gives them some responsibilities. Just like the German Autobahn: yes, there is no speed limit, but their license exams are close to torture.
I doubt they backed up if they can't be bothered to do the bare minimum of free AV and free anti-spyware.
A backup doesn't help if the infected files have made their way into the backup. That's why you turn off System Restore on a Windows box if you're trying to clean off a virus or worm; 9 times out of 10, the worm has hidden copies of itself in your backups. But you knew that, didn't you? Didn't you?
Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
Hmm... maybe this is all a secret plot by frustrated web developers trying to rid the world of IE6.
In which case: Go Mydoom!
It's not a small amount, but considering there are hundreds of millions of machines around the world it is a pretty small amount.
How many machines out there have an HD failure every day? I'm guessing it is less than 50,000, but probably not much lower. Google and wiki searching only gave me numbers like a 3% annualized failure rate, up to 13%.
Once the system is rebooted, what kind of error message will they see? "OS not found" from the BIOS? I wonder how many users will simply think their hard drive failed.
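The question just above (did the disk die, or was it wiped?) and the earlier RAID post (a mirror faithfully replicates the 'u' run to every member, so the array still reports healthy while the data is gone) both come down to looking at the bytes on the platter rather than at the controller's status. This is an added example, not code from the thread or from any analysis of the malware: it classifies the first sectors of a raw image taken through a write blocker (dd output, for instance) against the pattern the summary describes, the marker "memory of the independence day" followed by 'u' bytes. That the marker lands at sector 0 and the run continues sequentially from there is this example's assumption; the summary only says every sector gets overwritten. The sample images are constructed in the block. A "wiped" result is a triage signal, not attribution to a particular sample.

```python
MARKER = b"memory of the independence day"
SECTOR = 512
FILLER = 0x75  # ord("u")


def wiper_signature(image, sector_size=SECTOR):
    """Return (hit, run_bytes).

    hit is True when the image starts with the marker and the rest of sector 0
    is nothing but 'u'. run_bytes is how far the contiguous 'u' run extends from
    offset 0, i.e. how much of the drive was reached before the process stopped
    (power cut, user pulled the plug). Marker at sector 0 is an assumption."""
    if len(image) < sector_size or not image.startswith(MARKER):
        return False, 0
    rest_of_sector = image[len(MARKER):sector_size]
    if rest_of_sector.strip(b"u"):  # anything other than 'u' left in sector 0
        return False, 0
    run = sector_size
    n = len(image)
    while run < n and image[run] == FILLER:
        run += 1
    return True, run


def classify(image, sector_size=SECTOR):
    """Rough answer to 'did the disk die or was it wiped?': a wiped drive shows
    the signature, a healthy PC boot disk still carries the 0x55AA boot-sector
    signature at offset 510, and anything else (all zeroes, garbage, a drive the
    controller could not read) needs a closer look."""
    hit, _ = wiper_signature(image, sector_size)
    if hit:
        return "wiped"
    if len(image) >= sector_size and image[sector_size - 2:sector_size] == b"\x55\xaa":
        return "bootable-mbr"
    return "unknown"


def wiped_sectors(image, sector_size=SECTOR):
    """Whole sectors covered by marker plus 'u' run; 0 when the signature is absent."""
    hit, run = wiper_signature(image, sector_size)
    return run // sector_size if hit else 0


def scan_image(path, length=8 * 1024 * 1024):
    """Classify the first `length` bytes of a raw image file on disk."""
    with open(path, "rb") as fh:
        head = fh.read(length)
    return classify(head), wiped_sectors(head)


def build_samples():
    """Constructed 8-sector images standing in for drives in each state."""
    size = 8 * SECTOR
    wiped = MARKER + b"u" * (size - len(MARKER))
    # overwrite interrupted after four sectors; original (here: zero) data remains
    partial = MARKER + b"u" * (4 * SECTOR - len(MARKER)) + bytes(4 * SECTOR)
    healthy = bytearray(size)
    healthy[510:512] = b"\x55\xaa"
    zeroed = bytes(size)
    return {"wiped": wiped, "partial": partial, "healthy": bytes(healthy), "zeroed": zeroed}


if __name__ == "__main__":
    for name, img in build_samples().items():
        print(f"{name:8s} -> {classify(img):13s} wiped sectors: {wiped_sectors(img)}")
```

Run it against an image, not the live disk, and against every member of a mirror individually: the point of the RAID post is that each member will classify the same way. A "partial" result with a short run is the one worth acting on quickly, since whatever lies past the run is still recoverable.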
It's as if millions of insecure computers suddenly cried out and then fell silent.
Thanks for writing that. Not that you're going to be able to penetrate the leftist-atheist Slashdot groupthink using actual facts, but thanks for posting it anyway. It's amazing how many people think that Catholicism == all of Christianity. Weird add-ons like transubstantiation are the reason I became a Protestant, actually.
Tired of FB/Google censorship? Visit UNCENSORED!
those are outright lies by politicians. disconnected and ridiculous
in north korea you are talking about a concerted effort since birth to convince your citizens the world outside your borders is full of bloodthirsty tribes ready to destroy you at a moment's notice
not that there doesn't exist people who believe that in the west, but there isn't a concerted effort by the government to create that belief
comparing real brainwashing in north korea with the worst example of demagoguery that you could find in the west: not even remotely in the same league
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Hey there Psychotria --
Up again now that it's morning here, and I find myself saying, "Oh, dear..." There was no delight in my initial posting, nor any self-satisfied "they're getting what they deserve". My thinking was much more along EdIII's lines. And, FWIW, at least some of my "clue bat" commentary was from personal experience. :S A good part of why I use Windows (and other MS software) as little as possible anymore has to do with being burned, repeatedly. I consider myself lucky that Windows screwed me over back in 2000-01 without the aid of online nasties, prompting me to do the hard work of learning proper setup, configuration, and ultimately a whole different system, well before the current clusterbleep of DIY botnet-for-hire madness arose.
So no, I wasn't intending any derision. Grim sympathy instead, and silver-lining thanks that at least the botnet will cease to exist, quite likely taking other malware offline in the process.
NB: You might want to work on how you perceive tone in writing. None of what you react to was intended, and while I now see how you might be able to read my post that way, it's also important to note that my post could be read multiple other ways as well. Before getting all fired up and throwing around angry language, it could be a good thing to double-check a poster's intent.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
I wondered about that. SELinux sounds like a great idea, so I took Fedora for a spin for a while to see what I could learn about it.
I learned that the documentation was cryptic at best and impenetrable at worst, and that configuration was beyond me. So while the *idea* is fabulous, the execution rendered SELinux unusable to me.
I'm a translator, I don't have truckloads of free time to blow reading poorly written docs. (I acknowledge that there might be great docs out there, but I sure didn't find them.) Until such time as SELinux is either a requirement or the docs are rewritten (and possibly the config tools as well), I find that a proper firewall, log checking, and clueful browsing are doing me just fine. Oh, well.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
There are backups and then there are Backups. It's not a real Backup unless it's off-site. Buildings. Sometimes they burn down.
HAHA - sorry, looks like the mods didn't get the humor
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
It's still all complete bullshit, with or without the 'weird add-ons'.
The thing on a car that slows you down is a "brake".
You win the Internet.
I don't think much damage will be caused by "overriding" hard disks, let's just hope it doesn't overwrite anything.
Since all South Korean online banking is done with Windows computers, Friday will seriously suck.
That's what VMware, Parallels, and Virtual Box are for. Just roll back to a snapshot that isn't infected.
You could probably accomplish the same thing with Deep Freeze (or a similar) product if all you have is straight Windows.
(Of course these are simply workarounds, and not treating the actual root cause of the issue.)
And then everyone can go on a spending spree, because once the virus hits their debts will all get rolled back anyway!
Ha ! My first ever Troll rating ... I spit on your ratings (except those of Funny). Pwah! Pwah! Like that I spit on them. For MS - OS does stand for Oh Shit.
Viva-la OS X
Viva-la Linux
Currently I spit on Google Chrome OS - but hey you never know.
It's not the years, it's the mileage
How can you defend free-will without believing in God?
Either causality exists and your brain is a machine with a determined output to its inputs - or you have a magical soul which can move matter.
Just a curious atheist here...
What about a magical soul that can move matter implies God?
For that matter, several common interpretations of quantum mechanics indicate that the world is not strictly causal. Yet few people claim quantum mechanics implies the existence of a magical soul.
In other words you have a false dichotomy there.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Ahh, but quantum mechanics inserts a belief in randomness, not a strict break in causality.
How can you defend free-will without believing in God?
No problem. Many Worlds Interpretation. Just consider that, and Schrödinger's cat.
That reminds me.
Schrödinger and Heisenberg are driving around when they run over a cat. Asks Schrödinger: "Is it dead?" - "I can't be certain", responds Heisenberg.
Who is General Failure and why is he reading my hard disk?