Slashdot Mirror

← Back to Stories (view on slashdot.org)

Korean DDoS Bots To Self-Destruct

Posted by timothy on from the someone-needs-a-little-hanging-before-bed dept.

tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information."

25 of 501 comments (clear)

  1. Apple viral marketing campaign by mokeyboy · · Score: 5, Funny

    Its all a plot to make people buy Mac

    1. Re:Apple viral marketing campaign by evilviper · · Score: 5, Insightful

      Actually, it CLEARLY is a plot. It should be pretty obvious to everyone...

      It was designed to attack less important government websites, while keeping collateral damage to a minimum... No attempts on the power grid, FAA, etc., and no private companies affected.

      Joe Lieberman went up before a room full of press and cameras and said, (roughly) "If this was someone sending us a message, we got it loud and clear."

      Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?

      And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.

      So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and cause a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    2. Re:Apple viral marketing campaign by EdIII · · Score: 5, Interesting

      Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?

      Actually, you're just plain wrong about that. July 4th is a very important day for North Koreans. It is when Americans celebrate their independence, and their capitalist freedoms. The propaganda in North Korea starts from a very young age. July 4th is a bad day for North Koreans and they are taught that THAT day is when their mortal enemy celebrates and plots their demise.

      So, North Korea deciding to launch missiles or a cyber-attack on July 4th, is no coincidence. Not by a long shot. It's the exact opposite of what you are thinking. July 4th is the perfectly appropriate day to launch attacks against America.

      Keep in mind, the war between the U.S and North Korea never ended. It has been in a cease-fire for over 50 years. They are not over it. Far from it. I would even say they are still obsessed and paranoid about the U.S attacking any minute. There are a lot of mentally unstable and brainwashed people in North Korea. Aside from the special elite families (in glorious Animal Farm tradition), that get to enjoy all the perks of Western culture, the rest of the people, including highly ranked military officers are very misinformed people with a deep suspicion and hatred of the U.S.

      I would suggest you read about defectors and refugees from North Korea that actually make it out of the country. When interviewed, these people state beliefs in the most outlandish and bizarre pieces of propaganda. Situations like women absolutely convinced that if they touch dropped pamphlets from the South (through air campaigns to spread information to the people) that their hands will rot off . When asked, if they really felt it was true, they state that they really believed it. That's just one example.

      So it's not far fetched at all, that July 4th is a day when North Koreans feel hatred and fear.

      And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.

      So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and cause a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...

      That's very plausible. Botnets are valuable right now. Destroying this Botnet, is in fact, destroying VALUABLE INVENTORY. For organized cyber criminals, this makes no sense whatsoever to destroy what they worked so hard to obtain, or spent money to purchase.

      I admit, it does not sound like what criminals would do at all. All that loss, just to possibly cover their tracks a little?

      A "white-hat" trying to make a point though? What better way then to cause a little mischief and then mercifully destroy the tools. Your argument is compelling....

    3. Re:Apple viral marketing campaign by ComaVN · · Score: 5, Funny

      Over a billion people claim to believe that a 2000 year old cosmic, Jewish zombie, born of a virgin mother; will offer you eternal life if you symbolically eat his flesh, drink his blood and telepathically accept him as your master so he can remove an evil force, present on all humans because a woman who was made from the rib of a man, who was constructed of dust, was convinced by a talking snake, to eat a cursed apple, from a magical tree growing in a mystical garden a little while after the universe was created around 6000 years ago.

      You might be right.

      --
      Be wary of any facts that confirm your opinion.
    4. Re:Apple viral marketing campaign by doulos05 · · Score: 5, Informative

      As someone who believe this, please don't confuse Catholics and Protestants. Catholics (a large percentage, but far from all of Christianity) believe in Transubstatiation (The bread and wine become the body of Christ). However, the majority of protestant traditions teach that communion is strictly symbolic. And it's not "Hey, be a cannibal so I can save you!" It's a backreference to (among other things) the first passover meal, in which a lamb was slaughtered and it's blood put on the doorposts of the house to save it's occupants from the angel of death in Egypt. It symbolises that just as the lamb had to die (and be eaten) to save those in the house in Egypt, so Christ had to give his body to save those who would believe in him; and just as the blood of the lamb protected everyone who took refuge in that house in Egypt, so the blood of Christ protects all who take refuge in his sacrifice.

      Sorry to cloud the issue with pertinent facts though, carry on.

  2. Really that bad of a thing? by Immostlyharmless · · Score: 5, Insightful

    You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.

    1. Re:Really that bad of a thing? by Patrik_AKA_RedX · · Score: 5, Insightful

      More likly they'll complain their kid's game broke their computer, buy a new one and continue punching the monkey.

    2. Re:Really that bad of a thing? by Anonymous Coward · · Score: 5, Funny

      More likly they'll complain their kid's game broke their computer, buy a new one and continue spanking the monkey.

      There, fixed that for you.

    3. Re:Really that bad of a thing? by clarkkent09 · · Score: 5, Insightful

      This seems to be a popular view here on slashdot but it ignores the fact that 90% of the computer users neither understand nor should have to understand a single bit of what the hell you are talking about. It should be considered a failure of the part of the computer industry to be making products that are incapable of being used for storing important data without expert level knowledge on how to secure it. We in that industry should start admitting that the issue is our fault instead of calling people twits for not knowing what a "router with a hardware firewall" is. Oh, and you can blame MS all you want but the truth is that Linux, if as widely adopted and used by ordinary computer illiterate users, and as targeted by the malware writers as Windows is, wouldn't be a whole lot batter.

      --
      Negative moral value of force outweighs the positive value of good intentions.
    4. Re:Really that bad of a thing? by SilentMobius · · Score: 5, Interesting

      No, the GP isn't right.

      A computer is a multi-function device its strength is that it can attempt most task. A car is a mono-function device. If you want people to have safe malware-free devices you need to convince them to buy an Email appliance, Web browsing appliance, Movie-playing appliance, Desktop-publishing appliance, etc etc. Then there is a possibility (after the market matures) that these can be secure by-design. But people don't want that, they want a machine that is cheap and does everything, except the things that they don't want it to do, and they want the machine to know the difference even if they don't.

      And that? that will never happen IMHO.

      --
      Loop, twist and loop again.
  3. Re:U ? by JorDan+Clock · · Score: 5, Funny

    That's why this is newsworthy.

  4. Re:U ? by Anonymous Coward · · Score: 5, Insightful

    u in binary (yeah, I know what you meant):
    1010 0101

    I would have expected
    0101 0101
    which is "U"
    (or 1010 1010, but that doesn't seem to be a nice ASCII character I can type)
    Hmm, maybe it is a capitalization error on someones part, or maybe they just like the palindromic nature of 1010 0101?

  5. Re:U ? by broken_chaos · · Score: 5, Informative

    I wouldn't expect either of the linked articles to know binary. It probably is "U", meaning just a repeating 010101010101010101........ Makes the most sense given the structure of hard drives and the fact that a repeated sequence of "u" after "memory of the independence day" (assuming that comma is also not part of it) makes no sense from any point of view.

  6. Nah by copponex · · Score: 5, Funny

    I'm still running a huge network of unpatched XP SP1 boxes and

  7. Independence Day by Dr.+Eggman · · Score: 5, Funny

    I've been trying to figure out whose independence day it is referring to. Based on Wikipedia, it's not Korea's (North or South) China, Japan, the US, or Russia. Nearest I can figure for Friday, July 10th is... the Bahamas?

    ...Unless it means next Friday, July 17th which celebrates South Korea's Constitution Day; the day that the Korean Constitution was proclaimed in 1948. But, no, clearly it's the Bahamas.

    --
    Demented But Determined.
    1. Re:Independence Day by TapeCutter · · Score: 5, Informative

      The attacks started on the 4th July weekend.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  8. Man by copponex · · Score: 5, Funny

    You know you live in a fucked up country when you collectively hate the Bahamas.

    Hats off, Kim Jong-Il. That's going to be a tough one to beat.

  9. Re:first post.. by Fulcrum+of+Evil · · Score: 5, Funny

    since all south korean online banking is done with windows computers, friday will seriously suck.

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  10. happy ending by Errtu76 · · Score: 5, Insightful

    I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!

  11. Re:U ? by Anonymous Coward · · Score: 5, Informative

    .... "u" in ASCII, represented in binary is 0111 0101, not 1010 0101. "U" is 0101 0101, as you said though.

  12. Re:+1 Insightful by religious+freak · · Score: 5, Interesting

    Who wants to take odds that a malware author will act to save these machines? It's not an impossibility - who would want to potentially lose many thousand boxes when you could just push a fix down to the machines? These machines are assets in the malware authors' "business".

    It'll be interesting to watch. If it happens, it'll be kind of like a geek version of spy vs spy.

    --
    If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
  13. And something of value was gained? by AliasMarlowe · · Score: 5, Insightful

    Bots and other malware that do no appreciable harm to their hosts have made users complacent about keeping their systems clean (or preferably secure). In the meantime, the collateral damage of spamfloods, spyware, and DDOS attacks has been inflicted on the whole community. An exemplary episode in which the infected machines actually suffer may wake users up again. Windows users are, as usual, the witless accomplices/culprits in this case, but Macs can be just as easily penetrated (demonstrated in the hackfests each year), and poorly administered Linux/BSD/Solaris systems can also be vulnerable.
    Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  14. Re:U ? by jim_v2000 · · Score: 5, Funny

    In South Korea, virus writes U!

    --
    Don't take life so seriously. No one makes it out alive.
  15. Re:Brainwashing is in the eye of the beholder by EdIII · · Score: 5, Insightful

    Point taken. However, most people in the U.S think that their leaders are full of crap. Not much different than most parts of the world.

    However, in North Korea, the average citizen has practically zero access to information from the outside.

    So if brainwashing was say... at a 3/10 in the U.S, it's a 10/10 in North Korea. I mean, come on, your hands rotting off by picking up a piece of paper? It's not like the levels of bullshit are equal in the scope of the lies they represent or their damage.

    I did not bring up the point to say America is "number one" and that our crap does not stink, just wanted to point out that with all the brainwashing going on in North Korea it is fact that the average North Korean hates and fears us. To say that July 4th is not a significant day in their lives is just incorrect. That's all I was sayin'.

  16. Re:first post.. by maxume · · Score: 5, Informative

    You are wrong. The GGP (my GGGP) is talking about the ActiveX widget that banks use for encryption in South Korea:

    http://blog.mozilla.com/gen/2007/02/27/the-cost-of-monoculture/

    --
    Nerd rage is the funniest rage.