Korean DDoS Bots To Self-Destruct

Posted by timothy
from the someone-needs-a-little-hanging-before-bed dept.
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information."

  • by Animats (122034) on Friday July 10, 2009 @01:57AM (#28646325) Homepage

    It's already Friday in most time zones. Is this happening?

  • by rodgster (671476) <rodgster AT yahoo DOT com> on Friday July 10, 2009 @02:11AM (#28646385) Journal


    I wonder if the backbone network admins are going to block access to that "set of web servers" or just let nature take its course.

  • by Anonymous Coward on Friday July 10, 2009 @02:19AM (#28646419)


    In fact the S. Korean government is publicly saying that North Korea is to suspect, along with some "pro-North" factions in South Korea.

    Or, in terms you are more familiar with: "OMG! TEH TERRORISTS! WHERE IS NATIONAL SECURITY?"

    This will be an opportunity for the current government to distract people from their having put our nation into a pile of horseshit, and to round up some anti-government people for being "pro-North" and "hating freedom." Well, yes, *some* of them may be crazy enough to be pro-North, but many will be just innocent citizens who just can't stand any more crap from our current president.

    Sounds familiar? Heh.

  • Blood in the water (Score:5, Interesting)

    by Pecisk (688001) on Friday July 10, 2009 @02:48AM (#28646533)

    This will be ugly and exciting at once. First of all, I bet all mob supported worm writers will be fuming, because someone broke silent agreement that there should be no destructive viruses, otherwise people would start to actually care. And if people care => more correctly patched boxes => less possibility to own them => no profit at all.

    Second, it will send very interesting message to people who have ignored subject of IT security so far. Imagine company with 100 computers suddenly standing on nothing but the air - no data, no OSes to work with, nothing. Third, I am afraid that some control maniacs (those who usually end with having an actual power to be maniacal) will use it as an excuse to impose more control on Internet. Of course, it will be laughed at by serious IT security specs, but those freaks will freak out and it will be interesting and frightening at same time.

  • by rtfa-troll (1340807) on Friday July 10, 2009 @02:57AM (#28646581)

    This sounds like an excellent opportunity for a counter-hack.


    If you follow the chain of computers back to the source, won't it end up in the opponent's critical systems?

    likely not.

    The people behind this are probably reasonably good at what they are doing. Most likely it will at best lead to a compromised host which is being controlled remotely. Very likely the loss of the actual original control system where the bot herder is sitting would not be a big deal. Probably there will be one or more levels where you will go through a P2P network which doesn't make it clear at all where the commands are coming from. The only way to be absolutely sure is to actually raid the physical location where the bot control is coming from and catch the guy at his keyboard.

    Having said that, counter-hacking might be a useful investigative technique. If it was legal.

  • Re:+1 Insightful (Score:5, Interesting)

    by religious freak (1005821) on Friday July 10, 2009 @03:17AM (#28646669)
    Who wants to take odds that a malware author will act to save these machines? It's not an impossibility - who would want to potentially lose many thousand boxes when you could just push a fix down to the machines? These machines are assets in the malware authors' "business".

    It'll be interesting to watch. If it happens, it'll be kind of like a geek version of spy vs spy.
  • Re:good... (Score:3, Interesting)

    by Fatal67 (244371) on Friday July 10, 2009 @03:20AM (#28646679)

    And if they all switch over to unix, you'd just have a bunch of clueless unix users. Except now, you'd have enough users for them to actually bother writing malware for it.

    Be careful what you wish for.

  • by Yvanhoe (564877) on Friday July 10, 2009 @04:12AM (#28646915) Journal
    Well I must say that I was waiting for such a virus. In the last years, viruses are considered like an invisible nuisance that doesn't eat more than a few CPU cycles and some bandwidth. People forgot about the first viruses that routinely erased data. Maybe if this kind of virus makes a comeback, we will see more people seriously concerned about IT security.
  • by SilentMobius (10171) on Friday July 10, 2009 @04:17AM (#28646945)

    No, the GP isn't right.

    A computer is a multi-function device; its strength is that it can attempt most tasks. A car is a mono-function device. If you want people to have safe malware-free devices you need to convince them to buy an Email appliance, Web browsing appliance, Movie-playing appliance, Desktop-publishing appliance, etc etc. Then there is a possibility (after the market matures) that these can be secure by-design. But people don't want that, they want a machine that is cheap and does everything, except the things that they don't want it to do, and they want the machine to know the difference even if they don't.

    And that? That will never happen IMHO.

  • by EdIII (1114411) * on Friday July 10, 2009 @04:22AM (#28646971)

    Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?

    Actually, you're just plain wrong about that. July 4th is a very important day for North Koreans. It is when Americans celebrate their independence, and their capitalist freedoms. The propaganda in North Korea starts from a very young age. July 4th is a bad day for North Koreans and they are taught that THAT day is when their mortal enemy celebrates and plots their demise.

    So, North Korea deciding to launch missiles or a cyber-attack on July 4th, is no coincidence. Not by a long shot. It's the exact opposite of what you are thinking. July 4th is the perfectly appropriate day to launch attacks against America.

    Keep in mind, the war between the U.S and North Korea never ended. It has been in a cease-fire for over 50 years. They are not over it. Far from it. I would even say they are still obsessed and paranoid about the U.S attacking any minute. There are a lot of mentally unstable and brainwashed people in North Korea. Aside from the special elite families (in glorious Animal Farm tradition), that get to enjoy all the perks of Western culture, the rest of the people, including highly ranked military officers are very misinformed people with a deep suspicion and hatred of the U.S.

    I would suggest you read about defectors and refugees from North Korea that actually make it out of the country. When interviewed, these people state beliefs in the most outlandish and bizarre pieces of propaganda. Situations like women absolutely convinced that if they touch dropped pamphlets from the South (through air campaigns to spread information to the people) that their hands will rot off. When asked, if they really felt it was true, they state that they really believed it. That's just one example.

    So it's not far fetched at all, that July 4th is a day when North Koreans feel hatred and fear.

    And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.

    So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and cause a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...

    That's very plausible. Botnets are valuable right now. Destroying this Botnet, is in fact, destroying VALUABLE INVENTORY. For organized cyber criminals, this makes no sense whatsoever to destroy what they worked so hard to obtain, or spent money to purchase.

    I admit, it does not sound like what criminals would do at all. All that loss, just to possibly cover their tracks a little?

    A "white-hat" trying to make a point though? What better way than to cause a little mischief and then mercifully destroy the tools. Your argument is compelling....

  • by Bert64 (520050) <[moc.eeznerif.todhsals] [ta] [treb]> on Friday July 10, 2009 @04:30AM (#28647009) Homepage

    Or for a blackhat, what better way to divert the blame?
    Bots are plentiful, insecure windows boxes are extremely abundant and it will be easy for them to acquire more, they probably haven't even diverted all of their current resources to this attack.
    The machines that get wiped will likely just be reinstalled from the recovery cd that came with the machine, thus returning them to the same vulnerable state they were in before - ready to be reowned.

    Incidentally, if you've ever looked at a compromised machine, there's typically lots of different pieces of malware on them, most infected boxes tend to be shared between several groups and some end up a battleground between competing groups trying to remove each others' malware.

  • by Godwin O'Hitler (205945) on Friday July 10, 2009 @04:38AM (#28647067) Homepage Journal

    When interviewed, these people state beliefs in the most outlandish and bizarre pieces of propaganda. Situations like women absolutely convinced that if they touch dropped pamphlets from the South (through air campaigns to spread information to the people) that their hands will rot off. When asked, if they really felt it was true, they state that they really believed it.

    Then they are incredibly stupid. Kids in the West get brainwashed into believing Santa Claus exists, but how many carry that belief with them into adulthood when no one ever told them the brutal truth about the fat red guy?

    (...waits for funny Santa Claus comments ;)

  • by EdIII (1114411) * on Friday July 10, 2009 @04:41AM (#28647079)

    I agree with you about the multi-function aspect of the device. However, I don't agree that is what people "want". It has been what is marketed to them. That does not imply, that it was the wishes of the users in the first place.

    What people want is often marketed to them. In fact, that is the ENTIRE point of marketing in general. To get people to want what you are selling.

    Creating sandboxed devices that can switch to performing various tasks that are secure and separate from each other task is not impossible. It just needs to be created and marketed properly.

    We essentially do the same thing now in data centers. I have servers that are running 8-10 virtual machines on them that are really just appliances handling a specific type of task. Email, DNS, Webhosting, PBX, etc.

    It could happen for regular users too. There just needs to be a marketing campaign to convince them that it benefits them, is easy, and keeps them secure.

    Will it happen? Probably not. That I do agree on. The GP still has a point. At the very least, if you disagree with his point, it's not flamebait right?

  • by TheP4st (1164315) on Friday July 10, 2009 @05:35AM (#28647337)

    Car analogies are popular here on Slashdot (I don't know what that is about), so how about this one. Why is that cars can only be properly and safely operated by mechanics, engineers, and aficionados? Obviously, that is not true. Cars are designed to be relatively simple to operate, yet can be highly reliable, safe, and low maintenance.

    Exactly the reason why car analogies are popular here. My 67 years old mother is fully capable of changing oil, checking tyre pressure as well as determine when they need to be replaced. I even remember her changing them when I was a kid and she had a flat in the middle of nowhere, granted there were quite some muted cursing involved but nonetheless she did!

    Not running as admin except when really needed, using an updated AV and Firewall is pretty much the computer equivalent to that, yet only a tiny minority of Windows users do those three things. Seriously, I have long since lost count of the times I have read Windows users proudly proclaim in forums "I have not used an AV or firewall in years and I have never had a virus" and I've met them in meatspace too. The only difference is that with these ones it has only taken me moments in front of their machine to prove how utterly wrong they are.

  • by Zumbs (1241138) on Friday July 10, 2009 @08:17AM (#28648035) Homepage

    If I'm not very much mistaken, resurrection includes healing damage, such as holes through the hands. According to the scriptures of said belief, the Jewish zombie still had the holes.

    If you ever watched Return of the Living Dead III, the newly dead even acted human for a few days ...

  • Re:first post.. (Score:3, Interesting)

    by PMBjornerud (947233) on Friday July 10, 2009 @08:20AM (#28648061)

    since all south korean online banking is done with windows computers, friday will seriously suck.

    I've been scanning the news for updates on this.

    Now it's past 9 PM in Seoul, and I still can't find any news on what actually happened, just a lot of stories like TFA.

    Nothing happened?

  • by mystik (38627) on Friday July 10, 2009 @09:39AM (#28648793) Homepage Journal

    What if we had enemies dropping pamphlets on us?

    What if our government told us they were infected by Ebola, or anthrax, or some other bioterrorist agent and shouldn't be touched? (Whether or not they are)

    Having your hands rot off doesn't seem too far fetched now ...

    Smart folks might be able to figure out & confirm the government is full of crap. But lots of the folks out there, who can't even explain the scientific method? They might be inclined to believe them. Why would the government lie to them?

  • by Artifakt (700173) on Friday July 10, 2009 @10:24AM (#28649465)

    Fail. See, the only way to talk about Christians on Slashdot is to oversimplify and parody their beliefs until you are describing what almost nobody actually believes, and then claim you have more authority to decide who is actually a Christian than they themselves do.
    It's like you claim Capitalists worship a Giant Invisible Hand and make human sacrifices to it. When somebody starts posting something reasonable about supply vs demand driven economic cycles of commodity items, you then denounce them as not a "real" Capitalist. Wash, rinse, repeat.
    (And to anybody who is a Marxist, Libertarian, Anarchosyndicalist, Anarchocapitalist, Randroid, Goldwaterist, Left-Center-Syncretist Labor Party, Technophile, Technophobe, Techno-is-my-bitch, Viist, Emacsist, FIAWOList, FIJAGDHist, or whatever, don't think there is no way to translate your beliefs into a straw man and then attack them.)
    So far, none of this particular Christian bash has been really vicious, and some of it has actually been funny. For the rest, He says He forgives you.

  • by maeka (518272) on Friday July 10, 2009 @06:19PM (#28655567) Journal

    How can you defend free-will without believing in God?
    Either causality exists and your brain is a machine with a determined output to its inputs - or you have a magical soul which can move matter.

    Just a curious atheist here...
