Security Fix – PCs Used in Korean DDoS Attacks May Self Destruct

July 10, 2009

There are signs that the concerted cyber attacks targeting U.S. and Korean government and commercial Web sites this past week are beginning to wane. Yet, even if the assaults were to be completely blocked tomorrow, the attackers could still have one last, inglorious weapon in their arsenal: New evidence suggests that the malicious code responsible for spreading this attack includes instructions to overwrite the infected PC’s hard drive.

According to Joe Stewart, director of malware research at SecureWorks, the malware that powers this attack — a version of the Mydoom worm — is designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads “memory of the independence day,” followed by as many “u” characters as it takes to write over every sector of every physical drive attached to the compromised system.

Such an order would spell certain disaster for many tens of thousands of Microsoft Windows PCs. Several experts I spoke with yesterday and today estimated that between 60,000 and 100,000 systems may be infected with this potentially suicidal malware.
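For responders triaging a machine suspected of having run this payload, the following added example (not code from the article, SecureWorks or the malware) counts how many sectors of a raw disk image match the overwrite pattern Stewart describes. The 512-byte sector size, case-insensitive matching and the constructed sample image are assumptions; the article does not give the exact on-disk layout.

```python
import io

MARKER = b"memory of the independence day"  # message text quoted in the article
FILLER = ord("u")                            # filler character quoted in the article
SECTOR = 512                                 # assumption: 512-byte sectors


def classify_sector(chunk: bytes) -> str:
    """Label one sector as 'marker', 'filler' or 'intact'."""
    # Assumption: the article does not give the case, so compare lowercased.
    lowered = chunk.lower()
    pos = lowered.find(MARKER)
    # Message present and everything after it in this sector is filler.
    if pos != -1 and all(b == FILLER for b in lowered[pos + len(MARKER):]):
        return "marker"
    # Whole sector is nothing but the filler character.
    if lowered and all(b == FILLER for b in lowered):
        return "filler"
    return "intact"


def scan_image(stream, sector: int = SECTOR) -> dict:
    """Read a raw image sector by sector and summarise the overwrite extent."""
    counts = {"marker": 0, "filler": 0, "intact": 0}
    first_intact, index = None, 0
    while chunk := stream.read(sector):
        kind = classify_sector(chunk)
        counts[kind] += 1
        if kind == "intact" and first_intact is None:
            first_intact = index  # first sector that may still be recoverable
        index += 1
    wiped = counts["marker"] + counts["filler"]
    return {**counts, "sectors": index, "first_intact": first_intact,
            "wiped_fraction": wiped / index if index else 0.0}


# Constructed sample: three overwritten sectors, then one untouched sector.
SAMPLE_IMAGE = (
    MARKER + b"U" * (SECTOR - len(MARKER))
    + b"U" * SECTOR * 2
    + b"\xebR\x90NTFS    ".ljust(SECTOR, b"\x00")
)

if __name__ == "__main__":
    # In practice, pass a file opened with mode "rb" on an acquired image.
    print(scan_image(io.BytesIO(SAMPLE_IMAGE)))
```

A `first_intact` value of `None` means no sector in the image escaped the overwrite; any other value is the index where recovery work can start.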
