Korean DDoS Bots To Self-Destruct 501
Posted
by
timothy
from the someone-needs-a-little-hanging-before-bed dept.
from the someone-needs-a-little-hanging-before-bed dept.
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia
carries similar information."
Really that bad of a thing? (Score:5, Insightful)
Re:Really that bad of a thing? (Score:5, Insightful)
Forget it. They will just buy a new computer because their old one is 'broken.'
Yay? (Score:3, Insightful)
At least this way they'll get cleaned up and (possibly) patched, right?
Compare it with biological malware. Ebola causes more damage than AIDS, but it's less of a concern, because it kills the host dead pretty quickly. AIDS causes more havoc, because the host survives for such a long time.
good... (Score:2, Insightful)
+1 Insightful (Score:5, Insightful)
Precisely my thought on reading the summary -- good riddance to some severely compromised systems on the one hand, and on the other, I sincerely hope the users gain a clue.
Getting hit with the clue bat hurts. Otherwise, folks tend not to remember.
Cheers,
Re:good... (Score:3, Insightful)
Re:Really that bad of a thing? (Score:5, Insightful)
Re:U ? (Score:5, Insightful)
u in binary (yeah, I know what you meant):
1010 0101
I would have expected
0101 0101
which is "U"
(or 1010 1010, but that doesn't seem to be a nice ASCII character I can type)
Hmm, maybe it is a capitalization error on someones part, or maybe they just like the palindromic nature of 1010 0101?
Re:Really that bad of a thing? (Score:2, Insightful)
There fixed that for you.
Why don't you just wish them to total their car so that they can be forced to buy a newer, more fuel efficient car.
Re:Omg, think of the pr0n (Score:5, Insightful)
Seriously. It overrides every attached HD. How well does a RAID stand up to that in terms of data protection? Or an attached USB HD?
uh what? (Score:4, Insightful)
> From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.'
Did the washington post writer get this wrong, or is this a misreported urban legend? The "trojan horse" part doesn't make any sense -- the computer is already compromised.
Well... (Score:5, Insightful)
Sucks to be running Windows.
*gets back to work in gedit*
happy ending (Score:5, Insightful)
I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!
Re:Really that bad of a thing? (Score:5, Insightful)
What is the source? (Score:4, Insightful)
"SEOUL, South Korea -
Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea
used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers
Friday, amid suspicions North Korea was behind the effort."
Now, I'm a little skeptical that they didn't mean ISP instead of IP, but if it is true that there are only 86 hosts generating this much fanfare, then the network admins should be strung up with cat6 for not just blackholing these punks at the edge router. I guess we get the best govt. IT we can afford, right?
Re:Apple viral marketing campaign (Score:5, Insightful)
Actually, it CLEARLY is a plot. It should be pretty obvious to everyone...
It was designed to attack less important government websites, while keeping collateral damage to a minimum... No attempts on the power grid, FAA, etc., and no private companies affected.
Joe Lieberman went up before a room full of press and cameras and said, (roughly) "If this was someone sending us a message, we got it loud and clear."
Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?
And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.
So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and cause a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...
Re:Really that bad of a thing? (Score:5, Insightful)
This reminds me of the '90s and MS-DOS viruses. At first, people didn't care because stuff like Brain, et al. were annoying but not malicious. Then came more and more destructive variants. Once BIOSes started getting zapped, people started making sure that they downloaded from a clean source and used AV protection.
Times are similar now. Malware used to be annoying because it was fairly crappy code that bogged down a machine. These days, because malware has matured to the point where a user doesn't even know it is present on a system, they tend not to care. Such as the attitude of "I'll do what I want on my computer, if I get my machine slowed down, Geek Squad will fix it for me". If something malicious software bit them, wiping everything on a widespread basis, it might spur Joe Sixpack into not using IE with all settings set to "Low" because the pr0n sites don't complain that way.
However, having a lot of clueless users get their data zapped this isn't a good thing overall. A lot of them will not do a thing for their own security. Instead, they will beg the lawmakers to do something, and feel good (or more aptly, feel "secure") legislative solutions rarely address international problems. Lots of bad things can happen down this path, from mandated "security" software to be on machines, to efforts to make PCs closed appliances like video game consoles.
Re:Really that bad of a thing? (Score:2, Insightful)
You, Sir, have said something far too sensible for the Windows hating command-line lovers here to appreciate. They will no doubt vote you off their island of Windows mockery.
I agree with the parent about the blame game - and I can't see that having thousands of important computer systems blown away in an instant is in any way a good thing, no matter what operating system they're using. Love or hate any vendor or software development methodology as much as you like, but it's the complete ASSHOLES that make this security compromising shit we have to deal with that should be the targets of your mockey.
Unless you're chicken.
Which you probably are.
Else you'd run said insecure operating system just to live dangerously.
Ahhhh! Seriously, this argument about MS vs Linux vs whatever is getting more lame by each post in each story. It's about as lame as the Flash vs blah blah blah it's SOOO BORING I can't even write about it any more debates. There are different operating systems currently available that are guided by different principles and philosophies. Choose one (or more). Use it (or them). Then get over yourselves when the one(s) you use don't have the same market share as another one, or whatever the pissing contest de jour is.
And, if you think that a bunch of very smart people in Redmond aren't concerned with security then you're just extremely blinded and foolish. News flash, homeslice, Debian Woody users aren't the only ones in the world that care about keeping their systems secure.
post anonymously: check
upgrade antivirus that I don't run anyway: check
(because it makes everything run real slow: cheeeck)
offer erect single finger to virus-writers everywhere: check
offer the same to endless whinging about Microsoft: CHECK
wish for Amiga to triumphantly return: check (just for kicks to see if anyone's still reading)
FFS (Score:2, Insightful)
Why don't YOU get a clue? Punishing the user of an insecure OS will not do a damn thing. It will not do a damn thing to increase security. There will just be lots of people who are fucking upset because they lost a whole heaps of important files or memories (e.g. photos). It is not THEIR fault that windows is so fucked up (is it)? So, why do you take delight in them losing their data?
So, I hit YOU with you so called "clue bat" and I hope your meagre brain manages to parse it. I hope you remember this.
Cheers,
Re:Apple viral marketing campaign (Score:5, Insightful)
It sounds more like the destruction of evidence. But then again, why'd I want to do that if I was already identified as the culprit? What could I gain? If anything, I'd want the attack to continue indefinitly, even after I've been wiped out, so to maximize the damage to my enemy even if I should not survive it.
To anyone playing chess: If you can't save your queen, make sure you can trade it for his.
If I was still in Tech Support (Score:4, Insightful)
I'd be scrambling now to get that day off. Failing that, I'll find a doc that writes me a sick leave, if necessary for a bribe. Failing that I'd quit.
There is no way anyone in support will survive that day without a ringing in his ears.
And something of value was gained? (Score:5, Insightful)
Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...
Re:good... (Score:4, Insightful)
Re:Really that bad of a thing? (Score:3, Insightful)
How on Earth is the above comment flamebait? In any way, shape, or form?
This poster is absolutely RIGHT .
Car analogies are popular here on Slashdot (I don't know what that is about), so how about this one. Why is that cars can only be properly and safely operated by mechanics, engineers, and aficionados?
Obviously, that is not true. Cars are designed to be relatively simple to operate, yet can be highly reliable, safe, and low maintenance. At least for the majority of their lifetime, for the average person.
It's easy to look down and speak badly about the large amount of computer users that have barely a fraction of the skills of the average Slashdotter. However, the poster brings up something rather interesting. Why is it that the various industries responsible for creating these computer systems don't take more responsibility for making it secure?
It's not impossible. Unfortunately, it would probably require a heck of lot more work and cooperation between people and corporations that have no interest or advantage in cooperating.
This goes far beyond just the Evil Microsoft vs. Linux Rulez "debate". The poster is asking why there seems to be a fundamental attitude in the industry to shift blame and responsibility. It's a valid question, that is neither trolling or flaming anyone's point of view.
Is it that unreasonable to wish that computer systems get designed around unsophisticated users skill sets with an emphasis on security? Designing systems that make it difficult to participate in Botnets and other activities that cause considerable financial damage?
I don't think so. There really is a problem that needs to be addressed, and this poster brings up a valid point to discuss.
Re:Final code (Score:2, Insightful)
Greetings and Salutations...
First off, I fear this is a hoax, simply because we are hearing about it BEFOREHAND. One of my favorite comments (said about a recent event where some flake was arrested after some very vocal threats against our President) is "Real assassins don't tell you they are coming to kill you".
Secondly, if it were me, I would overwrite the hard drive with "DEADBEEF". Not only is it traditional, but, it has a certain charming truth to it that would add amusement.
regards
dave mundt
Re:FFS (Score:4, Insightful)
There are two types of people in this world - those who make regular backups and those who have never suffered data loss. The net result is the same, I don't see how data loss through an insecure OS is any different to data loss through theft, fire, HDD failure.
People in IT go on about backups like a mantra, repeating it like Ballmer repeats "Developers! Developers! Chair...er... Developers!". Yet I guarantee you not a single person walking this green earth has ever paid proper attention to that mantra - at least, not until they lost something important.
I don't have a great deal of sympathy for anyone whose data is at serious risk from something like this. They'd have lost it all eventually anyhow, one way or another.
Re:If I was still in Tech Support (Score:3, Insightful)
There is no way anyone in support will survive that day without a ringing in his ears.
Yes, that would be the telephone. It kind of goes with the job in tech support.
Re:Omg, think of the pr0n (Score:3, Insightful)
If you have a disk-to-disk backup solution, most likely both sets of data will be hosed from this virus. Unless backups take place on tape, or the drives are rotated for off-site safety, the victim is fucked!
As much I'm happy to hear this virus self destruct, no one deserves irrecoverable data loss.
The hardware abstraction doesn't matter if all the virus does is make read/write calls using the OS like any other application. In other words, if Windows has a volume mounted, then the virus will be able to see it and whack it out of commission.
Re:FFS (Score:3, Insightful)
As long as we are passing around the Clue Bat..... Let me whack you one time too.
Nobody here is punishing the users. They are victims. The criminals that made them victims, are just killing them after raping them repeatedly. Please forgive such a graphic analogy.
By having those systems destroyed, there is an inescapable conclusion that follows: They are no longer participating in a Botnet that is harming other people and corporations .
Does it have a chance of changing their behavior? Of opening up their eyes to security and the implications of being added to a Botnet? Who knows. You may be right that it, "it will not do a damn thing to increase security".
It's absolutely horrible that these users are victims and they have to suffer such losses. However, these posters are right. It's a good thing..... for the rest of us. Unsophisticated users and Slashdot geeks alike.
That does not mean, I am an ass**** or that I have no compassion. Just recognizing that these victims can no longer be forced to participate in harming other people.
There.... Okay, who else wants the Clue Bat?
Re:U ? (Score:3, Insightful)
Re:good... (Score:5, Insightful)
I care because their compromised machines mess with mine.
Re:Brainwashing is in the eye of the beholder (Score:5, Insightful)
Point taken. However, most people in the U.S think that their leaders are full of crap. Not much different than most parts of the world.
However, in North Korea, the average citizen has practically zero access to information from the outside.
So if brainwashing was say... at a 3/10 in the U.S, it's a 10/10 in North Korea. I mean, come on, your hands rotting off by picking up a piece of paper? It's not like the levels of bullshit are equal in the scope of the lies they represent or their damage.
I did not bring up the point to say America is "number one" and that our crap does not stink, just wanted to point out that with all the brainwashing going on in North Korea it is fact that the average North Korean hates and fears us. To say that July 4th is not a significant day in their lives is just incorrect. That's all I was sayin'.
Re:Yay? (Score:4, Insightful)
A guy bleeding from his nose, eyes, and ears is a pretty sure sign that you shouldn't shake his hand.
Re:first post.. (Score:5, Insightful)
And anything that may get the average S. Korean to take computer security seriously and not roll their eyes dismissively when you make secure practice recommendations, is a plus in my book.
Re:Really that bad of a thing? (Score:3, Insightful)
Car Drivers need a licence to ensure they are properly and safely operated.
Car Drivers can be sanctioned for dangerous or irresponsible practices.
Car Drivers require insurance to compensate people who suffer a lost caused by incompetence or recklessness of the Driver.
Cars must be regularly serviced and maintained by trained experts.
Cars must be registered & require regular safety inspections.
Some similar practices might avoid most of the problems with have with irresponsible PC owner/operators. e.g. worms, virus, UCE/UBE, phishing, fraud, DDOS.
Re:Blood in the water (Score:4, Insightful)
Well, to be frank, Y2K didn't happen partly because it was hype, sure, and partly because everyone jumped on it and if there was serious systems which could fail, they were fixed. Claiming that all it was hot air would be going in same absolutes like claiming that it could have definitely caused end of the world.
This time, I am not so sure that it is Y2K type. It could be pure sensationalism, sure, but such virus can be written by anyone. I simply see it as virus authors so far haven't been interested of causing damage to PCs - mostly because they need them to do their DDoSing and spam spewing.
Re:first post.. (Score:3, Insightful)
Right.... because hoping some good will come of a computer intrusion is just like hoping for the deaths of people to make a political point.
Only 50,000 machines (Score:4, Insightful)
It's not a small amount, but considering there are 100s millions of machines around the world it is a pretty small amount.
How many machines out there have a HD failure everyday? I'm guessing it is less than 50,000, but probably not much lower. Google and wiki searching only gave me numbers like 3% annualized failure rate up to 13%.
Once the system is rebooted what kind of error message will they see? OS not Found from the bios? I wonder how many users will simply think their harddrive failed.
Re:Brainwashing is in the eye of the beholder (Score:3, Insightful)
Wouldn't work with a free press. However, no such press exists in north korea.
how are those statements brainwashing? (Score:3, Insightful)
those are outright lies by politicians. disconnected and ridiculous
in north korea you are talking about a concerted effort since birth to convince your citizens the world outside your borders are full of bloodthirsty tribes ready to destroy you at a moment's notice
not that there doesn't exist people who believe that in the west, but there isn't a concerted effort by the government to create that belief
comparing real brainwashing in north korea with the worst example of demagoguery that you could find in the west: not even remotely in the same league
Re:Good riddance (Score:1, Insightful)
We are trying to get to a stage where people can use computers without having to know about charsets, antivirus, backup, updates and firewalls or have a 'driving' license just to look at some porn. In my experience firewalls and virus scanners do nothing but slow down a Windows PC and provide another deluge of popups that nobody can understand.
Windows seems to be going in the opposite direction. Is this just to keep the money slushing around in the 'fixing Windows' industry?
Good riddance to computers that require $200 worth of repair for just 'clicking the wrong link'... Whatever that means.
If you want a car analogy then cars today are being supplied with 1000 buttons on the dash, one starts the car, and another stops the car. Pressing the wrong one will cause your car to stop functioning for you, but it will happily put viagra advertisements on it's radio and drive around town all day annoying people.
At least Google seem to have the right idea with Native Client. I would add a link but how would you know if it was a 'wrong link'?
Remember kids, manually type in those URLs!
Re:Really that bad of a thing? (Score:3, Insightful)
You need to take a test to get a license to operate a vehicle. The purpose of the test is to ensure that anyone driving actually knows how to drive.
I'd like to see something similar for the networked computer. Not necessarily a use license, but tests that at least ensure minimal security competency before allowing users access to the outside. These "tests" don't have to be the question-answer sort, but something along the lines of putting the round peg in the round hole and the square peg in the square hole. I'll bet just making it illegal for OEM's to pre-install the OS would do wonders for security, as well as wreck havoc on the Microsoft OS monopoly.
Vehicles can kill if operated improperly (or properly, for that matter). So perhaps there should be a kill switch for the computers of people who either try to fake the test or still do stupid stuff after passing it. A virus that wipes a computer's hard drive a month after infection, or even a virus that disables the network device should be enough to discourage people from continuously doing dumb things.
Re:Apple viral marketing campaign (Score:1, Insightful)
okay so you believe: that a 2000 year old cosmic, Jewish zombie, born of a virgin mother; will offer you eternal life if you HAVE DINNER WITH HIM and telepathically accept him as your master so he can remove an evil force, present on all humans because a woman who was made from the rib of a man, who was constructed of dust, was convinced by a talking snake, to eat a cursed apple, from a magical tree growing in a mystical garden a little while after the universe was created around 6000 years ago.