Forgot your password?
typodupeerror

Korean DDoS Bots To Self-Destruct 501

Posted by timothy
from the someone-needs-a-little-hanging-before-bed dept.
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information."
This discussion has been archived. No new comments can be posted.

Korean DDoS Bots To Self-Destruct

Comments Filter:
  • by stillpixel (1575443) on Friday July 10, 2009 @01:44AM (#28646275) Homepage Journal
    Good day to be a linux/mac user eh? In South Korea the worm eats your data.. doh!
    • by Fulcrum of Evil (560260) on Friday July 10, 2009 @02:14AM (#28646407)
      since all south korean online banking is done with windows computers, friday will seriously suck.
      • by macshit (157376) <miles.gnu@org> on Friday July 10, 2009 @06:37AM (#28647559) Homepage

        since all south korean online banking is done with windows computers, friday will seriously suck.

        Hmmm, maybe we've been a bit hasty in judging these bot-writers... anything which provides some incentive for korean websites to change that crap can't be all bad...

        Perhaps the dear-leader is just showing a bit of tough love?

        • Re:first post.. (Score:5, Insightful)

          by stuntpope (19736) on Friday July 10, 2009 @06:45AM (#28647591)

          And anything that may get the average S. Korean to take computer security seriously and not roll their eyes dismissively when you make secure practice recommendations, is a plus in my book.

          • Re: (Score:3, Funny)

            by Zancarius (414244)

            And anything that may get the average S. Korean to take computer security seriously and not roll their eyes dismissively when you make secure practice recommendations, is a plus in my book.

            Hey now, let's be fair here. The South Koreans can't all take a monopoly on ignorant users.

            I'm pretty sure the average user in the US is far more ignorant! Hell, at least in S. Korea, you get people rolling their eyes. Over here, you might be lucky if the person in question has a glazed-over look while drooling slightly.

      • Re: (Score:3, Interesting)

        by PMBjornerud (947233)

        since all south korean online banking is done with windows computers, friday will seriously suck.

        I've been scanning the news for updates on this.

        Now it's past 9 PM in Seoul, and I still can't find any news on what actually happened, just a lot of stories like TFA.

        Nothing happened?

    • by AliasMarlowe (1042386) on Friday July 10, 2009 @03:45AM (#28646783) Journal
      Bots and other malware that do no appreciable harm to their hosts have made users complacent about keeping their systems clean (or preferably secure). In the meantime, the collateral damage of spamfloods, spyware, and DDOS attacks has been inflicted on the whole community. An exemplary episode in which the infected machines actually suffer may wake users up again. Windows users are, as usual, the witless accomplices/culprits in this case, but Macs can be just as easily penetrated (demonstrated in the hackfests each year), and poorly administered Linux/BSD/Solaris systems can also be vulnerable.
      Let the vendors of protective measures celebrate! Sales of anti-virus, anti-spyware, anti-rootkit, firewalls, and so forth may benefit. The publicity may even cause some security holes to be patched, and better practices to become default. Maybe the rest of us will benefit...
  • by mokeyboy (585139) <mark.keir@gmail.com> on Friday July 10, 2009 @01:46AM (#28646279)
    Its all a plot to make people buy Mac
    • by evilviper (135110) on Friday July 10, 2009 @02:58AM (#28646585) Journal

      Actually, it CLEARLY is a plot. It should be pretty obvious to everyone...

      It was designed to attack less important government websites, while keeping collateral damage to a minimum... No attempts on the power grid, FAA, etc., and no private companies affected.

      Joe Lieberman went up before a room full of press and cameras and said, (roughly) "If this was someone sending us a message, we got it loud and clear."

      Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?

      And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.

      So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and cause a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...

      • by Opportunist (166417) on Friday July 10, 2009 @03:34AM (#28646747)

        It sounds more like the destruction of evidence. But then again, why'd I want to do that if I was already identified as the culprit? What could I gain? If anything, I'd want the attack to continue indefinitly, even after I've been wiped out, so to maximize the damage to my enemy even if I should not survive it.

        To anyone playing chess: If you can't save your queen, make sure you can trade it for his.

      • by EdIII (1114411) * on Friday July 10, 2009 @04:22AM (#28646971)

        Plus, it launched on July 4th, not a particularly significant day for North Koreans... And while anybody could look it up, who here can say they know the dates of big Chinese holidays? Really?

        Actually, you're just plain wrong about that. July 4th is a very important day for North Koreans. It is when Americans celebrate their independence, and their capitalist freedoms. The propaganda in North Korea starts from a very young age. July 4th is a bad day for North Koreans and they are taught that THAT day is when their mortal enemy celebrates and plots their demise.

        So, North Korea deciding to launch missiles or a cyber-attack on July 4th, is no coincidence. Not by a long shot. It's the exact opposite of what you are thinking. July 4th is the perfectly appropriate day to launch attacks against America.

        Keep in mind, the war between the U.S and North Korea never ended. It has been in a cease-fire for over 50 years. They are not over it. Far from it. I would even say they are still obsessed and paranoid about the U.S attacking any minute. There are a lot of mentally unstable and brainwashed people in North Korea. Aside from the special elite families (in glorious Animal Farm tradition), that get to enjoy all the perks of Western culture, the rest of the people, including highly ranked military officers are very misinformed people with a deep suspicion and hatred of the U.S.

        I would suggest you read about defectors and refugees from North Korea that actually make it out of the country. When interviewed, these people state beliefs in the most outlandish and bizarre pieces of propaganda. Situations like women absolutely convinced that if they touch dropped pamphlets from the South (through air campaigns to spread information to the people) that their hands will rot off . When asked, if they really felt it was true, they state that they really believed it. That's just one example.

        So it's not far fetched at all, that July 4th is a day when North Koreans feel hatred and fear.

        And now, it's doing exactly what good worms NEVER do... Killing their hosts, and themselves, suddenly, flagrantly, and unnecessarily. Exactly what any of us would wish to do with zombie PCs.

        So, it seems pretty damn likely it was in fact anti-malicious. Some misguided white-hat who thinks drawing attention and cause a small bit of undeniable pain is the only way to make things get better. Frankly, it sounds like the ideal NSA fund raiser...

        That's very plausible. Botnets are valuable right now. Destroying this Botnet, is in fact, destroying VALUABLE INVENTORY. For organized cyber criminals, this makes no sense whatsoever to destroy what they worked so hard to obtain, or spent money to purchase.

        I admit, it does not sound like what criminals would do at all. All that loss, just to possibly cover their tracks a little?

        A "white-hat" trying to make a point though? What better way then to cause a little mischief and then mercifully destroy the tools. Your argument is compelling....

        • by Bert64 (520050) <bert@noSPam.slashdot.firenzee.com> on Friday July 10, 2009 @04:30AM (#28647009) Homepage

          Or for a blackhat, what better way to divert the blame?
          Bots are plentiful, insecure windows boxes are extremely abundant and it will be easy for them to acquire more, they probably haven't even diverted all of their current resources to this attack.
          The machines that get wiped will likely just be reinstalled from the recovery cd that came with the machine, thus returning them to the same vulnerable state they were in before - ready to be reowned.

          Incidentally, if you've ever looked at a compromised machine, there's typically lots of different pieces of malware on them, most infected boxes tend to be shared between several groups and some end up a battleground between competing groups trying to remove each others' malware.

        • Re: (Score:3, Interesting)

          When interviewed, these people state beliefs in the most outlandish and bizarre pieces of propaganda. Situations like women absolutely convinced that if they touch dropped pamphlets from the South (through air campaigns to spread information to the people) that their hands will rot off . When asked, if they really felt it was true, they state that they really believed it.

          Then they are incredibly stupid. Kids in the West get brainwashed into believing Santa Claus exists, but how many carry that belief with them into adulthood when no one ever told them the brutal truth about the fat red guy?

          (...waits for funny Santa Claus comments ;)

          • Re: (Score:3, Funny)

            by EdIII (1114411) *

            Kids in the West get brainwashed into believing Santa Claus exists, but how many carry that belief with them into adulthood when no one ever told them the brutal truth about the fat red guy?

            What are you saying? You're not saying... ?

            But... but... that CAN'T be true.

            You just shut up. I still get my presents each year.

    • Re: (Score:3, Interesting)

      by Yvanhoe (564877)
      Well I must say that I was waiting for such a virus. I the last years, virus are considered like an invisible nuisance that doesn't eat more than a few CPU cycles and some bandwidth. People forgot about the first virus that routinely erased data. Maybe if this kind of virus make a comeback, we will see more people seriously concerned about IT security.
    • by chfriley (160627) on Friday July 10, 2009 @06:20AM (#28647509) Homepage

      Hi, I'm a Mac, and uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu...we're a PC.

  • U ? (Score:4, Funny)

    by clang_jangle (975789) on Friday July 10, 2009 @01:47AM (#28646285) Journal

    Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system

    Wow, and I thought only 0 and 1 could actually be written to the hard drive.

    • Re:U ? (Score:5, Funny)

      by JorDan Clock (664877) <jordanclock@gmail.com> on Friday July 10, 2009 @01:52AM (#28646307)
      That's why this is newsworthy.
    • Re:U ? (Score:5, Insightful)

      by Anonymous Coward on Friday July 10, 2009 @01:58AM (#28646327)

      u in binary (yeah, I know what you meant):
      1010 0101

      I would have expected
      0101 0101
      which is "U"
      (or 1010 1010, but that doesn't seem to be a nice ASCII character I can type)
      Hmm, maybe it is a capitalization error on someones part, or maybe they just like the palindromic nature of 1010 0101?

      • Re:U ? (Score:5, Informative)

        by broken_chaos (1188549) on Friday July 10, 2009 @02:02AM (#28646343)

        I wouldn't expect either of the linked articles to know binary. It probably is "U", meaning just a repeating 010101010101010101........ Makes the most sense given the structure of hard drives and the fact that a repeated sequence of "u" after "memory of the independence day" (assuming that comma is also not part of it) makes no sense from any point of view.

        • that a repeated sequence of "u" after "memory of the independence day" ...... makes no sense from any point of view.

          memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU mofo for even thinking about reminding me of that film
          memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU lost
          memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU won
          memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU can have a statue
          memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU must be joking, I was pissed as a newt!
          memory of the independence day UUUUUUUUUUUUUUUUUUUUUUUUUUU look cute as a panda

          well, maybe n

      • Re:U ? (Score:5, Informative)

        by Anonymous Coward on Friday July 10, 2009 @02:38AM (#28646491)

        .... "u" in ASCII, represented in binary is 0111 0101, not 1010 0101. "U" is 0101 0101, as you said though.

    • Re:U ? (Score:5, Funny)

      by jim_v2000 (818799) on Friday July 10, 2009 @05:08AM (#28647219)
      In South Korea, virus writes U!
    • Re: (Score:3, Funny)

      by SeaFox (739806)

      In Soviet Trojan, hard drive is overwritten by "U"!

  • by Immostlyharmless (1311531) on Friday July 10, 2009 @01:48AM (#28646291)
    You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.
    • by tsa (15680) on Friday July 10, 2009 @01:50AM (#28646301) Homepage

      Forget it. They will just buy a new computer because their old one is 'broken.'

      • by mlts (1038732) * on Friday July 10, 2009 @03:12AM (#28646633)

        This reminds me of the '90s and MS-DOS viruses. At first, people didn't care because stuff like Brain, et al. were annoying but not malicious. Then came more and more destructive variants. Once BIOSes started getting zapped, people started making sure that they downloaded from a clean source and used AV protection.

        Times are similar now. Malware used to be annoying because it was fairly crappy code that bogged down a machine. These days, because malware has matured to the point where a user doesn't even know it is present on a system, they tend not to care. Such as the attitude of "I'll do what I want on my computer, if I get my machine slowed down, Geek Squad will fix it for me". If something malicious software bit them, wiping everything on a widespread basis, it might spur Joe Sixpack into not using IE with all settings set to "Low" because the pr0n sites don't complain that way.

        However, having a lot of clueless users get their data zapped this isn't a good thing overall. A lot of them will not do a thing for their own security. Instead, they will beg the lawmakers to do something, and feel good (or more aptly, feel "secure") legislative solutions rarely address international problems. Lots of bad things can happen down this path, from mandated "security" software to be on machines, to efforts to make PCs closed appliances like video game consoles.

    • +1 Insightful (Score:5, Insightful)

      by zooblethorpe (686757) on Friday July 10, 2009 @01:52AM (#28646309)

      This might just be a GOOD thing; when these compromised twits wake up to a completely wiped drive, it might be the thing that drives them to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all the aforementioned crapware.

      Precisely my thought on reading the summary -- good riddance to some severely compromised systems on the one hand, and on the other, I sincerely hope the users gain a clue.

      Getting hit with the clue bat hurts. Otherwise, folks tend not to remember.

      Cheers,

      • Re:+1 Insightful (Score:5, Interesting)

        by religious freak (1005821) on Friday July 10, 2009 @03:17AM (#28646669)
        Who wants to take odds that a malware author will act to save these machines? It's not an impossibility - who would want to potentially lose many thousand boxes when you could just push a fix down to the machines? These machines are assets in the malware authors' "business".

        It'll be interesting to watch. If it happens, it'll be kind of like a geek version of spy vs spy.
    • More likly they'll complain their kid's game broke their computer, buy a new one and continue punching the monkey.
    • Re: (Score:2, Insightful)

      by HockeyPuck (141947)

      You have to imagine if these computers are all infected with this one trojan, they are probably infected with god only knows how much other spyware, malware, backdoors, and spambots. This might just be a GOOD thing; when my friends and family wake up to a completely wiped drive, it might be the thing that drives my 89yr old grandmother to read up on computer security a little bit, perhaps switch to a more secure browser, buy a router with a hardware firewall, etc. Not to mention, it will also wipe out all o

      • Why don't you just wish them to total their car so that they can be forced to buy a newer, more fuel efficient car.

        It's more like watching them make the engine explode in flames because they never changed the oil in 80,000 miles.

        There's unavoidable mechanical failure and then there's not keeping up on maintenance. The former is forgivable, despite being annoying. The latter drives me to wreak havoc on my liver.

      • of their pictures, tax returns, email and other important documents.

        If they have proper backups they will only have a small amount wiped out. If they don't have proper backups then there is only one way to learn to do proper backups. That's to have everything wiped. Right now we are beginning to build seriously important stuff on quicksand. There will be more of this and if it's as small as it sounds (a few 10s of Ks of computers is nothing) then we should be happy.

    • by rodgster (671476) <rodgsterNO@SPAMyahoo.com> on Friday July 10, 2009 @02:11AM (#28646385) Journal

      hhhmmm

      I wonder if the backbone network admins are going to block access to that "set of web servers" or just let nature take it course.

      • by rastilin (752802)
        This sounds like an excellent opportunity four a counter-hack. If you follow the chain of computers back to the source, won't it end up in the opponent's critical systems? By placing a backdoor in the target, we would be able to study their technique and objectives.
        • by rtfa-troll (1340807) on Friday July 10, 2009 @02:57AM (#28646581)

          This sounds like an excellent opportunity four a counter-hack.

          no

          If you follow the chain of computers back to the source, won't it end up in the opponent's critical systems?

          likely not.

          The people behind this are probably reasonably good at what they are doing. Most likely it will at best lead to a compromised host which is being controlled remotely. Very likely the loss of the actual original control system where the bot herder is sitting would not be a big deal. Probably there will be one or more levels where you will go through a P2P network which doesn't make it clear at all where the commands are coming from. The only way to be absolutely sure is to actually raid the physical location where the bot control is coming from and catch the guy at his keyboard.

          Having said that, counter-hacking might be a useful investigative technique. If it was legal.

    • by Anonymous Coward

      NO.

      In fact the S. Korean government is publically saying that North Korea is to suspect, along with some "pro-North" factions in South Korea.

      Or, in terms you are more familiar with: "OMG! TEH TERRORISTS! WHERE IS NATIONAL SECURITY?"

      This will be an opportunity for the current government to distract people from their having put our nation into a pile of horseshit, and to round up some anti-government people for being "pro-North" and "hating freedom." Well, yes, *some* of them may be crazy enough to be pro-No

    • by clarkkent09 (1104833) * on Friday July 10, 2009 @02:33AM (#28646465)
      This seems to be a popular view here on slashdot but it ignores the fact that 90% of the computer users neither understand nor should have to understand a single bit of what the hell you are talking about. It should be considered a failure of the part of the computer industry to be making products that are incapable of being used for storing important data without expert level knowledge on how to secure it. We in that industry should start admitting that the issue is our fault instead of calling people twits for not knowing what a "router with a hardware firewall" is. Oh, and you can blame MS all you want but the truth is that Linux, if as widely adopted and used by ordinary computer illiterate users, and as targeted by the malware writers as Windows is, wouldn't be a whole lot batter.
      • Re: (Score:3, Insightful)

        by EdIII (1114411) *

        How on Earth is the above comment flamebait? In any way, shape, or form?

        This poster is absolutely RIGHT .

        Car analogies are popular here on Slashdot (I don't know what that is about), so how about this one. Why is that cars can only be properly and safely operated by mechanics, engineers, and aficionados?
        Obviously, that is not true. Cars are designed to be relatively simple to operate, yet can be highly reliable, safe, and low maintenance. At least for the majority of their lifetime, for the average per

        • by SilentMobius (10171) on Friday July 10, 2009 @04:17AM (#28646945)

          No, the GP isn't right.

          A computer is a multi-function device its strength is that it can attempt most task. A car is a mono-function device. If you want people to have safe malware-free devices you need to convince them to buy an Email appliance, Web browsing appliance, Movie-playing appliance, Desktop-publishing appliance, etc etc. Then there is a possibility (after the market matures) that these can be secure by-design. But people don't want that, they want a machine that is cheap and does everything, except the things that they don't want it to do, and they want the machine to know the difference even if they don't.

          And that? that will never happen IMHO.

          • by EdIII (1114411) * on Friday July 10, 2009 @04:41AM (#28647079)

            I agree with you about the multi-function aspect of the device. However, I don't agree that is what people "want". It has been what is marketed to them. That does not imply, that it was the wishes of the users in the first place.

            What people want is often marketed to them. In fact, that is the ENTIRE point of marketing in general. To get people to want what you are selling.

            Creating sandboxed devices that can switch to performing various tasks that are secure and separate from each other task is not impossible. It just needs to be created and marketed properly.

            We essentially do the same thing now in data centers. I have servers that are running 8-10 virtual machines on them that are really just appliances handling a specific type of task. Email, DNS, Webhosting, PBX, etc.

            It could happen for regular users too. There just needs to be a marketing campaign to convince them that it benefits them, is easy, and keeps them secure.

            Will it happen? Probably not. That I do agree on. The GP still has a point. At the very least, if you disagree with his point, it's not flamebait right?

          • by tepples (727027) <{tepples} {at} {gmail.com}> on Friday July 10, 2009 @07:33AM (#28647775) Homepage Journal

            Movie-playing appliance

            That's called a DVD player. There are also game-playing appliances, but these are typically locked down so tight that works developed by students, hobbyists, and small businesses can't get in through the normal channels.

          • Re: (Score:3, Insightful)

            by steelfood (895457)

            You need to take a test to get a license to operate a vehicle. The purpose of the test is to ensure that anyone driving actually knows how to drive.

            I'd like to see something similar for the networked computer. Not necessarily a use license, but tests that at least ensure minimal security competency before allowing users access to the outside. These "tests" don't have to be the question-answer sort, but something along the lines of putting the round peg in the round hole and the square peg in the square hole

        • Re: (Score:3, Interesting)

          by TheP4st (1164315)

          Car analogies are popular here on Slashdot (I don't know what that is about), so how about this one. Why is that cars can only be properly and safely operated by mechanics, engineers, and aficionados? Obviously, that is not true. Cars are designed to be relatively simple to operate, yet can be highly reliable, safe, and low maintenance..

          Exactly the reason why car anologies are popular here. My 67 years old mother is fully capable of changing oil, checking tyre pressure as well as determine when they need to be replaced. I even remember her changing them when I was a kid and she had a flat in the middle of nowhere, granted there were quite some muted cursing involved but nonetheless she did!

          Not running as admin excpet when really needed,using a updated AV and Firewall is pretty much the computer equivalent to that, yet only a tiny minorit

        • Re: (Score:3, Insightful)

          by Martin Spamer (244245)

          ... cars can only be properly and safely operated by mechanics, engineers, and aficionados? Obviously, that is not true. Cars are designed to be relatively simple to operate, yet can be highly reliable, safe, and low maintenance. At least for the majority of their lifetime, for the average person.

          Car Drivers need a licence to ensure they are properly and safely operated.
          Car Drivers can be sanctioned for dangerous or irresponsible practices.
          Car Drivers require insurance to compensate people who suffer a los

  • Yay? (Score:3, Insightful)

    by ThrowAwaySociety (1351793) on Friday July 10, 2009 @01:51AM (#28646303)

    At least this way they'll get cleaned up and (possibly) patched, right?

    Compare it with biological malware. Ebola causes more damage than AIDS, but it's less of a concern, because it kills the host dead pretty quickly. AIDS causes more havoc, because the host survives for such a long time.

    • Re:Yay? (Score:4, Insightful)

      by L4t3r4lu5 (1216702) on Friday July 10, 2009 @05:48AM (#28647383)
      No, the havoc is caused because the host survives symptom free for a long time, potentially spreading the disease for years before being tested and diagnosed, especially in less developed countries.

      A guy bleeding from his nose, eyes, and ears is a pretty sure sign that you shouldn't shake his hand.
  • good... (Score:2, Insightful)

    by advocate_one (662832)
    about time windows boxes self destructed... people might start to question windows security issues more if their boxes died rather than just slowed down...
    • Re: (Score:3, Insightful)

      by DeadDecoy (877617)
      If we're lucky. Odds are MS will use this as an opportunity and say: See why you need Win7? Upgrade now for the measly price of 99.99$.
    • Re: (Score:3, Interesting)

      by Fatal67 (244371)

      And if they all switch over to unix, you'd just have a bunch of clueless unix users. Except now, you'd have enough users for them to actually bother writing malware for it.

      Be careful what you wish for.

  • by Animats (122034) on Friday July 10, 2009 @01:57AM (#28646325) Homepage

    It's already Friday in most time zones. Is this happening?

  • by Dr. Eggman (932300) on Friday July 10, 2009 @02:04AM (#28646359)
    I've been trying to figure out whose independence day it is referring to. Based on Wikipedia, it's not Korea's (North or South) China, Japan, the US, or Russia. Nearest I can figure for Friday, July 10th is... the Bahamas?

    ...Unless it means next Friday, July 17th which celebrates South Korea's Constitution Day; the day that the Korean Constitution was proclaimed in 1948. But, no, clearly it's the Bahamas.
  • uh what? (Score:4, Insightful)

    by roc97007 (608802) on Friday July 10, 2009 @02:05AM (#28646361) Journal

    > From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.'

    Did the washington post writer get this wrong, or is this a misreported urban legend? The "trojan horse" part doesn't make any sense -- the computer is already compromised.

    • From what I understand - and that isn't much - the "trojans" are actually named as known Windows executables, so yeah... in a sense they are trojans.
  • Well... (Score:5, Insightful)

    by TheSpoom (715771) * <slashdot&uberm00,net> on Friday July 10, 2009 @02:09AM (#28646377) Homepage Journal

    Sucks to be running Windows.

    *gets back to work in gedit*

  • happy ending (Score:5, Insightful)

    by Errtu76 (776778) on Friday July 10, 2009 @02:19AM (#28646421) Journal

    I'm glad there's a happy ending to this story. Thousands of unpatched windows machines will cease to exist, hurray!

  • by Arivia (783328) <arivia@gmail.com> on Friday July 10, 2009 @02:23AM (#28646441) Journal
    I'm surprised they aren't filling the storage with "kekekekekekekekekekekeke"...
  • by xenophrak (457095) on Friday July 10, 2009 @02:37AM (#28646487)
    Over at Yahoo ( http://tech.yahoo.com/news/ap/20090710/ap_on_hi_te/as_skorea_cyber_attack [yahoo.com] ) they are reporting that there are only 86 IP addresses causing the outages:

    "SEOUL, South Korea -
    Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea
    used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers
    Friday, amid suspicions North Korea was behind the effort."

    Now, I'm a little skeptical that they didn't mean ISP instead of IP, but if it is true that there are only 86 hosts generating this much fanfare, then the network admins should be strung up with cat6 for not just blackholing these punks at the edge router. I guess we get the best govt. IT we can afford, right?
  • WOW (Score:2, Redundant)

    by someone1234 (830754)

    Actually it does something useful.
    This will teach all negligent users to actually defend against zombifying.
    One of my colleagues says, he wouldn't care if his machine is a zombie as long as it doesn't slow the machine significantly.

  • Blood in the water (Score:5, Interesting)

    by Pecisk (688001) on Friday July 10, 2009 @02:48AM (#28646533)

    This will be ugly and exciting at once. First of all, I bet all mob supported worm writers will be fuming, because someone broke silent agreement that there should be no destructive viruses, otherwise people would start to actually care. And if people care => more correctly patched boxes => less posibility to own them => no profit at all.

    Second, it will send very interesting message to people who have ignored subject of IT security so far. Imagine company with 100 computers suddenly standing on nothing but the air - no data, no OSes to work with, nothing. Third, I am afraid that some control maniacs (those who usually end with having an actual power to be maniacal) will use it as an excuse to impose more control on Internet. Of course, it will be laughted at by serious IT security specs, but those freaks will freak out and it will be interesting and frightening at same time.

  • by Opportunist (166417) on Friday July 10, 2009 @03:45AM (#28646781)

    I'd be scrambling now to get that day off. Failing that, I'll find a doc that writes me a sick leave, if necessary for a bribe. Failing that I'd quit.

    There is no way anyone in support will survive that day without a ringing in his ears.

    • Re: (Score:3, Insightful)

      by jimicus (737525)

      There is no way anyone in support will survive that day without a ringing in his ears.

      Yes, that would be the telephone. It kind of goes with the job in tech support.

  • Starcraft (Score:5, Funny)

    by GF678 (1453005) on Friday July 10, 2009 @06:00AM (#28647425)

    The lack of any computers in South Korea still left alive to run Starcraft will cause a country-wide panic. There will be riots on the streets! Blood will run free, mark my words...

  • by hoggoth (414195) on Friday July 10, 2009 @07:43AM (#28647833) Journal

    > Posted by timothy on Fri 10 Jul 01:41AM
    > hard drives wiped of data come Friday.

    NOW you tell me?!

    • Re: (Score:3, Funny)

      by selven (1556643)
      It probably won't happen until midnigmemory of the independence dayUUUUUUUUUUUUUUUUUUUUUU
  • by Twillerror (536681) on Friday July 10, 2009 @09:43AM (#28648859) Homepage Journal

    It's not a small amount, but considering there are 100s millions of machines around the world it is a pretty small amount.

    How many machines out there have a HD failure everyday? I'm guessing it is less than 50,000, but probably not much lower. Google and wiki searching only gave me numbers like 3% annualized failure rate up to 13%.

    Once the system is rebooted what kind of error message will they see? OS not Found from the bios? I wonder how many users will simply think their harddrive failed.

"It's curtains for you, Mighty Mouse! This gun is so futuristic that even *I* don't know how it works!" -- from Ralph Bakshi's Mighty Mouse

Working...