Korean DDoS Bots To Self-Destruct (Comments: 501)

Posted by timothy on Friday July 10, @12:41AM
from the someone-needs-a-little-hanging-before-bed dept.
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • It's all a plot to make people buy Mac
    • by evilviper (135110) on Friday July 10, @01:58AM (#28646585) Journal

      Actually, it CLEARLY is a plot. It should be pretty obvious to everyone...

      It was designed to attack less important government websites, while keeping collateral damage to a minimum... No attempts on the power grid, FAA, etc., and no private companies affected.

      Joe Lieberman went up before a room full of press and cameras and said, (roughly) "If this was someone sending us a message, we got it loud and clear."

      Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?

      And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.

      So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and causing a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...

      • by Opportunist (166417) on Friday July 10, @02:34AM (#28646747)

        It sounds more like the destruction of evidence. But then again, why'd I want to do that if I was already identified as the culprit? What could I gain? If anything, I'd want the attack to continue indefinitely, even after I've been wiped out, so to maximize the damage to my enemy even if I should not survive it.

        To anyone playing chess: If you can't save your queen, make sure you can trade it for his.

      • by EdIII (1114411) * on Friday July 10, @03:22AM (#28646971)

        > Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?

        Actually, you're just plain wrong about that. July 4th is a very important day for North Koreans. It is when Americans celebrate their independence, and their capitalist freedoms. The propaganda in North Korea starts from a very young age. July 4th is a bad day for North Koreans and they are taught that THAT day is when their mortal enemy celebrates and plots their demise.

        So, North Korea deciding to launch missiles or a cyber-attack on July 4th, is no coincidence. Not by a long shot. It's the exact opposite of what you are thinking. July 4th is the perfectly appropriate day to launch attacks against America.

        Keep in mind, the war between the U.S and North Korea never ended. It has been in a cease-fire for over 50 years. They are not over it. Far from it. I would even say they are still obsessed and paranoid about the U.S attacking any minute. There are a lot of mentally unstable and brainwashed people in North Korea. Aside from the special elite families (in glorious Animal Farm tradition), that get to enjoy all the perks of Western culture, the rest of the people, including highly ranked military officers are very misinformed people with a deep suspicion and hatred of the U.S.

        I would suggest you read about defectors and refugees from North Korea that actually make it out of the country. When interviewed, these people state beliefs in the most outlandish and bizarre pieces of propaganda. Situations like women absolutely convinced that if they touch dropped pamphlets from the South (through air campaigns to spread information to the people) that their hands will rot off. When asked, if they really felt it was true, they state that they really believed it. That's just one example.

        So it's not far fetched at all, that July 4th is a day when North Koreans feel hatred and fear.

        > And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.
        >
        > So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and causing a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...

        That's very plausible. Botnets are valuable right now. Destroying this Botnet, is in fact, destroying VALUABLE INVENTORY. For organized cyber criminals, this makes no sense whatsoever to destroy what they worked so hard to obtain, or spent money to purchase.

        I admit, it does not sound like what criminals would do at all. All that loss, just to possibly cover their tracks a little?

        A "white-hat" trying to make a point though? What better way than to cause a little mischief and then mercifully destroy the tools. Your argument is compelling....

        • Or for a blackhat, what better way to divert the blame?
          Bots are plentiful, insecure windows boxes are extremely abundant and it will be easy for them to acquire more, they probably haven't even diverted all of their current resources to this attack.
          The machines that get wiped will likely just be reinstalled from the recovery cd that came with the machine, thus returning them to the same vulnerable state they were in before - ready to be reowned.

          Incidentally, if you've ever looked at a compromised machine, there's typically lots of different pieces of malware on them, most infected boxes tend to be shared between several groups and some end up a battleground between competing groups trying to remove each others' malware.

          • by EdIII (1114411) * on Friday July 10, @04:22AM (#28647277)

            Point taken. However, most people in the U.S think that their leaders are full of crap. Not much different than most parts of the world.

            However, in North Korea, the average citizen has practically zero access to information from the outside.

            So if brainwashing was say... at a 3/10 in the U.S, it's a 10/10 in North Korea. I mean, come on, your hands rotting off by picking up a piece of paper? It's not like the levels of bullshit are equal in the scope of the lies they represent or their damage.

            I did not bring up the point to say America is "number one" and that our crap does not stink, just wanted to point out that with all the brainwashing going on in North Korea it is fact that the average North Korean hates and fears us. To say that July 4th is not a significant day in their lives is just incorrect. That's all I was sayin'.

            • by ComaVN (325750) on Friday July 10, @04:58AM (#28647423)

              Over a billion people claim to believe that a 2000 year old cosmic, Jewish zombie, born of a virgin mother; will offer you eternal life if you symbolically eat his flesh, drink his blood and telepathically accept him as your master so he can remove an evil force, present on all humans because a woman who was made from the rib of a man, who was constructed of dust, was convinced by a talking snake, to eat a cursed apple, from a magical tree growing in a mystical garden a little while after the universe was created around 6000 years ago.

              You might be right.

                • by doulos05 (945501) on Friday July 10, @08:39AM (#28648787)

                  As someone who believes this, please don't confuse Catholics and Protestants. Catholics (a large percentage, but far from all of Christianity) believe in Transubstantiation (The bread and wine become the body of Christ). However, the majority of Protestant traditions teach that communion is strictly symbolic. And it's not "Hey, be a cannibal so I can save you!" It's a backreference to (among other things) the first Passover meal, in which a lamb was slaughtered and its blood put on the doorposts of the house to save its occupants from the angel of death in Egypt. It symbolises that just as the lamb had to die (and be eaten) to save those in the house in Egypt, so Christ had to give his body to save those who would believe in him; and just as the blood of the lamb protected everyone who took refuge in that house in Egypt, so the blood of Christ protects all who take refuge in his sacrifice.

                  Sorry to cloud the issue with pertinent facts though, carry on.

          • by EdIII (1114411) * on Friday July 10, @06:42AM (#28647825)

            Escaping North Korea: Secrets of the World's Most Isolated Country by Mike Kim

            I have no idea if you would consider this trustworthy or not, but it comes from that book. The author was on the ground and personally helped North Korean citizens through the underground railroad and interviewed quite a few of them.

            # Publisher: Rowman & Littlefield Publishers, Inc.
            # Pub. Date: September 2008
            # ISBN-13: 9780742556201

    • by chfriley (160627) on Friday July 10, @05:20AM (#28647509) Homepage

      Hi, I'm a Mac, and uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu...we're a PC.

  • U ? (Score:4, Funny)

    by clang_jangle (975789) on Friday July 10, @12:47AM (#28646285)

    > Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system

    Wow, and I thought only 0 and 1 could actually be written to the hard drive.

    • Re:U ? (Score:5, Funny)

      by JorDan Clock (664877) <jordanclock@gmail.com> on Friday July 10, @12:52AM (#28646307)
      That's why this is newsworthy.
    • Re:U ? (Score:5, Insightful)

      by Anonymous Coward on Friday July 10, @12:58AM (#28646327)

      u in binary (yeah, I know what you meant):
      1010 0101

      I would have expected
      0101 0101
      which is "U"
      (or 1010 1010, but that doesn't seem to be a nice ASCII character I can type)
      Hmm, maybe it is a capitalization error on someone's part, or maybe they just like the palindromic nature of 1010 0101?

      • Re:U ? (Score:5, Informative)

        by broken_chaos (1188549) on Friday July 10, @01:02AM (#28646343) Homepage

        I wouldn't expect either of the linked articles to know binary. It probably is "U", meaning just a repeating 010101010101010101........ Makes the most sense given the structure of hard drives and the fact that a repeated sequence of "u" after "memory of the independence day" (assuming that comma is also not part of it) makes no sense from any point of view.

      • Re:U ? (Score:5, Informative)

        by Anonymous Coward on Friday July 10, @01:38AM (#28646491)

        .... "u" in ASCII, represented in binary is 0111 0101, not 1010 0101. "U" is 0101 0101, as you said though.

    • Re:U ? (Score:5, Funny)

      by jim_v2000 (818799) on Friday July 10, @04:08AM (#28647219)
      In South Korea, virus writes U!
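
Added example, not part of the original thread or of any analysis cited in it: a read-only triage sketch in Python that scans a raw disk image for the overwrite pattern the story summary describes and reports which fill byte is actually present, so the "u" (0111 0101) versus "U" (0101 0101) question above is settled from evidence. The 512-byte sector size, the marker-at-start-of-sector layout and the sample image are assumptions constructed for illustration.

```python
import io
from collections import Counter

SECTOR = 512  # assumed logical sector size
MARKER = b"memory of the independence day"  # string quoted in the story summary


def classify_sector(sector):
    """Return (kind, fill_byte); kind is 'marker+fill', 'fill' or 'other'."""
    kind, body = "fill", sector
    if sector.startswith(MARKER):
        # Assumed layout: marker at the start of a sector, filler after it.
        kind, body = "marker+fill", sector[len(MARKER):]
    # A sector counts as overwritten only if the rest is one repeated byte.
    # All-zero sectors are skipped: unused space on a healthy disk looks the same.
    if body and body[0] != 0 and body.count(body[0]) == len(body):
        return kind, body[0]
    return "other", None


def triage(stream, sector_size=SECTOR):
    """Read a raw image sector by sector and summarise overwrite evidence."""
    total, marker_sectors, fills = 0, [], Counter()
    while True:
        sector = stream.read(sector_size)
        if len(sector) < sector_size:
            break  # end of image; a trailing partial sector is ignored
        kind, fill = classify_sector(sector)
        if kind != "other":
            fills[fill] += 1
            if kind == "marker+fill":
                marker_sectors.append(total)
        total += 1
    wiped = sum(fills.values())
    top = fills.most_common(1)[0][0] if fills else None
    return {
        "sectors": total,
        "wiped": wiped,
        "wiped_ratio": wiped / total if total else 0.0,
        "marker_sectors": marker_sectors,
        "fill_byte": top,
        "fill_char": chr(top) if top is not None and 32 <= top < 127 else None,
        "fill_bits": format(top, "08b") if top is not None else None,
    }


def build_sample_image(fill=b"U"):
    """Constructed 8-sector image: marker sector, 4 filler, 1 zero, 2 data."""
    first = MARKER + fill * (SECTOR - len(MARKER))
    data = bytes(range(256)) * 2  # 512 bytes of non-uniform content
    return first + fill * SECTOR * 4 + b"\x00" * SECTOR + data * 2


if __name__ == "__main__":
    for fill in (b"U", b"u"):
        report = triage(io.BytesIO(build_sample_image(fill)))
        print(fill, report)
```

On a real case, pass a forensic image opened read-only with `open(path, "rb")` instead of the constructed sample.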
  • by Immostlyharmless (1311531) on Friday July 10, @12:48AM (#28646291)
    You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.
    • by tsa (15680) on Friday July 10, @12:50AM (#28646301) Homepage

      Forget it. They will just buy a new computer because their old one is 'broken.'

      • by mlts (1038732) * on Friday July 10, @02:12AM (#28646633)

        This reminds me of the '90s and MS-DOS viruses. At first, people didn't care because stuff like Brain, et al. were annoying but not malicious. Then came more and more destructive variants. Once BIOSes started getting zapped, people started making sure that they downloaded from a clean source and used AV protection.

        Times are similar now. Malware used to be annoying because it was fairly crappy code that bogged down a machine. These days, because malware has matured to the point where a user doesn't even know it is present on a system, they tend not to care. Such as the attitude of "I'll do what I want on my computer, if I get my machine slowed down, Geek Squad will fix it for me". If some malicious software bit them, wiping everything on a widespread basis, it might spur Joe Sixpack into not using IE with all settings set to "Low" because the pr0n sites don't complain that way.

        However, having a lot of clueless users get their data zapped isn't a good thing overall. A lot of them will not do a thing for their own security. Instead, they will beg the lawmakers to do something, and feel good (or more aptly, feel "secure") legislative solutions rarely address international problems. Lots of bad things can happen down this path, from mandated "security" software to be on machines, to efforts to make PCs closed appliances like video game consoles.

    • +1 Insightful (Score:5, Insightful)

      by zooblethorpe (686757) on Friday July 10, @12:52AM (#28646309)

      > This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.

      Precisely my thought on reading the summary -- good riddance to some severely compromised systems on the one hand, and on the other, I sincerely hope the users gain a clue.

      Getting hit with the clue bat hurts. Otherwise, folks tend not to remember.

      Cheers,

      • Re:+1 Insightful (Score:5, Interesting)

        by religious freak (1005821) on Friday July 10, @02:17AM (#28646669)
        Who wants to take odds that a malware author will act to save these machines? It's not an impossibility - who would want to potentially lose many thousand boxes when you could just push a fix down to the machines? These machines are assets in the malware authors' "business".

        It'll be interesting to watch. If it happens, it'll be kind of like a geek version of spy vs spy.
        • Re:FFS (Score:4, Insightful)

          by jimicus (737525) on Friday July 10, @03:04AM (#28646875) Homepage

          There are two types of people in this world - those who make regular backups and those who have never suffered data loss. The net result is the same, I don't see how data loss through an insecure OS is any different to data loss through theft, fire, HDD failure.

          People in IT go on about backups like a mantra, repeating it like Ballmer repeats "Developers! Developers! Chair...er... Developers!". Yet I guarantee you not a single person walking this green earth has ever paid proper attention to that mantra - at least, not until they lost something important.

          I don't have a great deal of sympathy for anyone whose data is at serious risk from something like this. They'd have lost it all eventually anyhow, one way or another.

    • More likely they'll complain their kid's game broke their computer, buy a new one and continue punching the monkey.
    • hhhmmm

      I wonder if the backbone network admins are going to block access to that "set of web servers" or just let nature take its course.

        • by rtfa-troll (1340807) on Friday July 10, @01:57AM (#28646581)

          > This sounds like an excellent opportunity for a counter-hack.

          no

          > If you follow the chain of computers back to the source, won't it end up in the opponent's critical systems?

          likely not.

          The people behind this are probably reasonably good at what they are doing. Most likely it will at best lead to a compromised host which is being controlled remotely. Very likely the loss of the actual original control system where the bot herder is sitting would not be a big deal. Probably there will be one or more levels where you will go through a P2P network which doesn't make it clear at all where the commands are coming from. The only way to be absolutely sure is to actually raid the physical location where the bot control is coming from and catch the guy at his keyboard.

          Having said that, counter-hacking might be a useful investigative technique. If it was legal.

    • by clarkkent09 (1104833) * on Friday July 10, @01:33AM (#28646465)
      This seems to be a popular view here on slashdot but it ignores the fact that 90% of the computer users neither understand nor should have to understand a single bit of what the hell you are talking about. It should be considered a failure on the part of the computer industry to be making products that are incapable of being used for storing important data without expert level knowledge on how to secure it. We in that industry should start admitting that the issue is our fault instead of calling people twits for not knowing what a "router with a hardware firewall" is. Oh, and you can blame MS all you want but the truth is that Linux, if as widely adopted and used by ordinary computer illiterate users, and as targeted by the malware writers as Windows is, wouldn't be a whole lot better.
        • by SilentMobius (10171) on Friday July 10, @03:17AM (#28646945)

          No, the GP isn't right.

          A computer is a multi-function device; its strength is that it can attempt most tasks. A car is a mono-function device. If you want people to have safe malware-free devices you need to convince them to buy an Email appliance, Web browsing appliance, Movie-playing appliance, Desktop-publishing appliance, etc etc. Then there is a possibility (after the market matures) that these can be secure by-design. But people don't want that, they want a machine that is cheap and does everything, except the things that they don't want it to do, and they want the machine to know the difference even if they don't.

          And that? That will never happen IMHO.

  • by Animats (122034) on Friday July 10, @12:57AM (#28646325) Homepage

    It's already Friday in most time zones. Is this happening?

  • by Dr. Eggman (932300) on Friday July 10, @01:04AM (#28646359)
    I've been trying to figure out whose independence day it is referring to. Based on Wikipedia, it's not Korea's (North or South), China, Japan, the US, or Russia. Nearest I can figure for Friday, July 10th is... the Bahamas?

    ...Unless it means next Friday, July 17th which celebrates South Korea's Constitution Day; the day that the Korean Constitution was proclaimed in 1948. But, no, clearly it's the Bahamas.
  • uh what? (Score:4, Insightful)

    by roc97007 (608802) on Friday July 10, @01:05AM (#28646361) Journal

    > From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.'

    Did the Washington Post writer get this wrong, or is this a misreported urban legend? The "trojan horse" part doesn't make any sense -- the computer is already compromised.

  • Well... (Score:5, Insightful)

    Sucks to be running Windows.

    *gets back to work in gedit*

  • happy ending (Score:5, Insightful)

    by Errtu76 (776778) on Friday July 10, @01:19AM (#28646421) Journal

    I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!

  • by Arivia (783328) <arivia@gmail.com> on Friday July 10, @01:23AM (#28646441) Journal
    I'm surprised they aren't filling the storage with "kekekekekekekekekekekeke"...
  • by xenophrak (457095) on Friday July 10, @01:37AM (#28646487)
    Over at Yahoo ( http://tech.yahoo.com/news/ap/20090710/ap_on_hi_te/as_skorea_cyber_attack [yahoo.com] ) they are reporting that there are only 86 IP addresses causing the outages:

    "SEOUL, South Korea -
    Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea
    used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers
    Friday, amid suspicions North Korea was behind the effort."

    Now, I'm a little skeptical that they didn't mean ISP instead of IP, but if it is true that there are only 86 hosts generating this much fanfare, then the network admins should be strung up with cat6 for not just blackholing these punks at the edge router. I guess we get the best govt. IT we can afford, right?
  • Blood in the water (Score:5, Interesting)

    by Pecisk (688001) on Friday July 10, @01:48AM (#28646533)

    This will be ugly and exciting at once. First of all, I bet all mob supported worm writers will be fuming, because someone broke silent agreement that there should be no destructive viruses, otherwise people would start to actually care. And if people care => more correctly patched boxes => less possibility to own them => no profit at all.

    Second, it will send very interesting message to people who have ignored subject of IT security so far. Imagine company with 100 computers suddenly standing on nothing but the air - no data, no OSes to work with, nothing. Third, I am afraid that some control maniacs (those who usually end with having an actual power to be maniacal) will use it as an excuse to impose more control on Internet. Of course, it will be laughed at by serious IT security specs, but those freaks will freak out and it will be interesting and frightening at same time.

  • by Opportunist (166417) on Friday July 10, @02:45AM (#28646781)

    I'd be scrambling now to get that day off. Failing that, I'll find a doc that writes me a sick leave, if necessary for a bribe. Failing that I'd quit.

    There is no way anyone in support will survive that day without a ringing in his ears.

  • Starcraft (Score:5, Funny)

    by GF678 (1453005) on Friday July 10, @05:00AM (#28647425)

    The lack of any computers in South Korea still left alive to run Starcraft will cause a country-wide panic. There will be riots on the streets! Blood will run free, mark my words...

    • by Fulcrum of Evil (560260) on Friday July 10, @01:14AM (#28646407)
      since all south korean online banking is done with windows computers, friday will seriously suck.
    • by AliasMarlowe (1042386) on Friday July 10, @02:45AM (#28646783) Journal
      Bots and other malware that do no appreciable harm to their hosts have made users complacent about keeping their systems clean (or preferably secure). In the meantime, the collateral damage of spamfloods, spyware, and DDOS attacks has been inflicted on the whole community. An exemplary episode in which the infected machines actually suffer may wake users up again. Windows users are, as usual, the witless accomplices/culprits in this case, but Macs can be just as easily penetrated (demonstrated in the hackfests each year), and poorly administered Linux/BSD/Solaris systems can also be vulnerable.
      Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...
      • Re:good... (Score:4, Insightful)

        by noundi (1044080) on Friday July 10, @02:49AM (#28646811)
        Yeah you're not stereotyping at all. You're right, Linux propagation is not about "improving the world's computer safety". Life is not a comic book and we're not IT vigilantes looking to fight the unjust. I'll let you in on a secret, we all use Linux for various reasons. Some because of the copyleft, some because it's free of charge, some because once it's yours it's actually yours and not on lease and others for many other reasons. For me it's more about the terms. I mainly dislike Windows or OS X due to the terms. These terms are strictly due to the policies of each company producing the OSs, thus it is not the software itself but e.g. MS and Apple that make me not want to use it. There are of course other aspects but I believe that they are merely a product of the terms, and that if the terms would change so would these, such as interoperability and freedom of choice rather than dependency.
      • Re:good... (Score:5, Insightful)

        by calmofthestorm (1344385) on Friday July 10, @03:58AM (#28647163)

        I care because their compromised machines mess with mine.
