Slashdot Mirror
Korean DDoS Bots To Self-Destruct
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia
carries similar information."
Good day to be a linux/mac user eh? In South Korea the worm eats your data.. doh!
Its all a plot to make people buy Mac
Wow, and I thought only 0 and 1 could actually be written to the hard drive.
Caveat Utilitor
You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.
Precisely my thought on reading the summary -- good riddance to some severely compromised systems on the one hand, and on the other, I sincerely hope the users gain a clue.
Getting hit with the clue bat hurts. Otherwise, folks tend not to remember.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
If we're lucky. Odds are MS will use this as an opportunity and say: See why you need Win7? Upgrade now for the measly price of 99.99$.
It's already Friday in most time zones. Is this happening?
I'm still running a huge network of unpatched XP SP1 boxes and
Let's hope the guy who's good at curing cancer is also good at making backups...
Seriously. It overrides every attached HD. How well does a RAID stand up to that in terms of data protection? Or an attached USB HD?
I've been trying to figure out whose independence day it is referring to. Based on Wikipedia, it's not Korea's (North or South) China, Japan, the US, or Russia. Nearest I can figure for Friday, July 10th is... the Bahamas?
...Unless it means next Friday, July 17th which celebrates South Korea's Constitution Day; the day that the Korean Constitution was proclaimed in 1948. But, no, clearly it's the Bahamas.
Demented But Determined.
> From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.'
Did the washington post writer get this wrong, or is this a misreported urban legend? The "trojan horse" part doesn't make any sense -- the computer is already compromised.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
You know you live in a fucked up country when you collectively hate the Bahamas.
Hats off, Kim Jong-Il. That's going to be a tough one to beat.
Sucks to be running Windows.
*gets back to work in gedit*
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
The correct joke would be:
Everything looks fine !@#-)@^Y^)$_*^*$&@) memory of the independence dayuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
And then the lameness filter would ruin it anyway.
NO.
In fact the S. Korean government is publically saying that North Korea is to suspect, along with some "pro-North" factions in South Korea.
Or, in terms you are more familiar with: "OMG! TEH TERRORISTS! WHERE IS NATIONAL SECURITY?"
This will be an opportunity for the current government to distract people from their having put our nation into a pile of horseshit, and to round up some anti-government people for being "pro-North" and "hating freedom." Well, yes, *some* of them may be crazy enough to be pro-North, but many will be just innocent citizens who just can't stand any more crap from our current president.
Sounds familiar? Heh.
I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!
I'm surprised they aren't filling the storage with "kekekekekekekekekekekeke"...
The role of the writer is not to say what we can all say, but what we are unable to say. -Anais Nin
Over at Yahoo ( http://tech.yahoo.com/news/ap/20090710/ap_on_hi_te/as_skorea_cyber_attack ) they are reporting that there are only 86 IP addresses causing the outages:
"SEOUL, South Korea -
Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea
used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers
Friday, amid suspicions North Korea was behind the effort."
Now, I'm a little skeptical that they didn't mean ISP instead of IP, but if it is true that there are only 86 hosts generating this much fanfare, then the network admins should be strung up with cat6 for not just blackholing these punks at the edge router. I guess we get the best govt. IT we can afford, right?
Contrary to popular belief, life is not a bitch. It is far far worse.
This will be ugly and exciting at once. First of all, I bet all mob supported worm writers will be fuming, because someone broke silent agreement that there should be no destructive viruses, otherwise people would start to actually care. And if people care => more correctly patched boxes => less posibility to own them => no profit at all.
Second, it will send very interesting message to people who have ignored subject of IT security so far. Imagine company with 100 computers suddenly standing on nothing but the air - no data, no OSes to work with, nothing. Third, I am afraid that some control maniacs (those who usually end with having an actual power to be maniacal) will use it as an excuse to impose more control on Internet. Of course, it will be laughted at by serious IT security specs, but those freaks will freak out and it will be interesting and frightening at same time.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
I'd be scrambling now to get that day off. Failing that, I'll find a doc that writes me a sick leave, if necessary for a bribe. Failing that I'd quit.
There is no way anyone in support will survive that day without a ringing in his ears.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bots and other malware that do no appreciable harm to their hosts have made users complacent about keeping their systems clean (or preferably secure). In the meantime, the collateral damage of spamfloods, spyware, and DDOS attacks has been inflicted on the whole community. An exemplary episode in which the infected machines actually suffer may wake users up again. Windows users are, as usual, the witless accomplices/culprits in this case, but Macs can be just as easily penetrated (demonstrated in the hackfests each year), and poorly administered Linux/BSD/Solaris systems can also be vulnerable.
Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Yeah you're not stereotyping at all. You're right, Linux propagation is not about "improving the world's computer safety". Life is not a comic book and we're not IT vigilantes looking to fight the unjust. I'll let you in on a secret, we all use Linux for various reasons. Some because of the copyleft, some because it's free of charge, some because once it's yours it's actually yours and not on lease and others for many other reasons. For me it's more about the terms. I mainly dislike Windows or OS X due to the terms. These terms are strictly due to the policies of each company producing the OSs, thus it is not the software itself but e.g. MS and Apple that make me not want to use it. There are of course other aspects but I believe that they are merely a product of the terms, and that if the terms would change so would these, such as interoperability and freedom of choice rather than dependency.
I am the lawn!
There are two types of people in this world - those who make regular backups and those who have never suffered data loss. The net result is the same, I don't see how data loss through an insecure OS is any different to data loss through theft, fire, HDD failure.
People in IT go on about backups like a mantra, repeating it like Ballmer repeats "Developers! Developers! Chair...er... Developers!". Yet I guarantee you not a single person walking this green earth has ever paid proper attention to that mantra - at least, not until they lost something important.
I don't have a great deal of sympathy for anyone whose data is at serious risk from something like this. They'd have lost it all eventually anyhow, one way or another.
I care because their compromised machines mess with mine.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Point taken. However, most people in the U.S think that their leaders are full of crap. Not much different than most parts of the world.
However, in North Korea, the average citizen has practically zero access to information from the outside.
So if brainwashing was say... at a 3/10 in the U.S, it's a 10/10 in North Korea. I mean, come on, your hands rotting off by picking up a piece of paper? It's not like the levels of bullshit are equal in the scope of the lies they represent or their damage.
I did not bring up the point to say America is "number one" and that our crap does not stink, just wanted to point out that with all the brainwashing going on in North Korea it is fact that the average North Korean hates and fears us. To say that July 4th is not a significant day in their lives is just incorrect. That's all I was sayin'.
No, the havoc is caused because the host survives symptom free for a long time, potentially spreading the disease for years before being tested and diagnosed, especially in less developed countries.
A guy bleeding from his nose, eyes, and ears is a pretty sure sign that you shouldn't shake his hand.
Finally had enough. Come see us over at https://soylentnews.org/
The lack of any computers in South Korea still left alive to run Starcraft will cause a country-wide panic. There will be riots on the streets! Blood will run free, mark my words...
Hi, I'm a Mac, and uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu...we're a PC.
Movie-playing appliance
That's called a DVD player. There are also game-playing appliances, but these are typically locked down so tight that works developed by students, hobbyists, and small businesses can't get in through the normal channels.
Yes, they deciphered exactly when and how it will strike, but can't figure out how to remove it?
They have already figured out how to remove it.
It's not a small amount, but considering there are 100s millions of machines around the world it is a pretty small amount.
How many machines out there have a HD failure everyday? I'm guessing it is less than 50,000, but probably not much lower. Google and wiki searching only gave me numbers like 3% annualized failure rate up to 13%.
Once the system is rebooted what kind of error message will they see? OS not Found from the bios? I wonder how many users will simply think their harddrive failed.