FBI: Wiper Malware Has Korean Language Packs, Hard Coded Targets

chicksdaddy sends news that the FBI has issued a warning to U.S. businesses over a "destructive" malware campaign using advanced tools. They don't name specific targets, but the information fits with the details from last week's attack on Sony Pictures, which led to the leak of several unreleased movies. A copy of the FBI's recent five-page FLASH alert reveals that the malware alleged to have wiped out systems at Sony Pictures Entertainment deployed a number of malicious modules, including a version of a commercial disk wiping tool on target systems. Samples of the malware obtained by the FBI were also found to contain configuration files created on systems configured with Korean language packs. The use of Korean could strengthen theories that the destructive cyber attacks have links to North Korea, though it is hardly conclusive. It does appear that the attack was targeted at a specific organization. The malware analyzed by the FBI contained a hard coded list of IP addresses and computer host names.

Korea?

[TechyImmigrant]

"Yes Sergey, I have this brilliant plan to compile the production malware on a Korean build of Windows. They'll never suspect it was us."
 

Re:As a malware analyst...

[amicusNYCL]

"Just as likely"? I would imagine that, among all of the versions of Windows that have the Korean language installed, the vast majority of them are being used by Koreans rather than English-speaking Americans.

Re:How

[GameboyRMH]

I think any OS will do it once the attacking program can gain root access, unless MBR protection is enabled in the BIOS.