S. Korea Says Cyber Attack From North Wiped 48,700 Machines
wiredmikey writes "An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined that North Korea's military intelligence agency was responsible. An investigation into access records and the malware used in the attack pointed to the North's military Reconnaissance General Bureau as the source, the Korea Internet and Security Agency (KISA) said on Wednesday. To spread the malware, the attackers went through 49 different places in 10 countries including South Korea, the investigation found. The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."
The Scoop (Score:5, Informative)
Re:The Scoop (Score:5, Informative)
More accurately, it checks for parameters of any SSH connection *with root privileges*. Everyone see the problem there? Every owner of every machine that fell to the N. Korean attack richly deserved what they got. Piss-poor security will bite one in the ass.
Re:The Scoop (Score:4, Informative)
Yup, this is why you should only accept standard user logins; let them use sudo if they need to administer the box.
Re:"PermitRootLogin yes" fixes it .. or not (Score:4, Informative)
Even that doesn't do much. If the attacker has control of your user account and your user account can create pseudo-terminals (and if you can't create pseudo-terminals then you can't use anything like xterm or screen), then they can easily change your bash profile to add a directory under your homedir to the path, then add malicious su and sudo wrappers in there which record the credentials.
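A defender-side audit for the two weaknesses this thread turns on (direct root SSH login, and a user-writable directory being searched before the system directories so that a dropped su/sudo wrapper wins). This is an added example, not code from the story or any commenter; the function names are our own and the sshd_config lines used to exercise them are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit helpers for the weaknesses discussed
# above. Function names are our own; sample inputs are constructed.

# Effective PermitRootLogin value from sshd_config text read on stdin.
# Prints "yes", "no", "prohibit-password", "without-password" or "absent".
# sshd honours the first matching directive, so we stop at the first hit;
# directives inside a "Match" block are not distinguished here.
sshd_root_login() {
    v=$(sed 's/#.*//' | awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
    printf '%s\n' "${v:-absent}"
}

# Returns 0 when PATH lets a user-controlled location shadow system binaries:
# an empty entry or "." anywhere, or a relative entry / a directory under $HOME
# that is searched before /bin, /usr/bin, /sbin or /usr/sbin.
# Arguments: PATH value, HOME value.
path_shadows_system() {
    p=$1; home=$2
    case ":$p:" in
        *::*|*:.:*) return 0 ;;                     # empty entry or "." anywhere
    esac
    old_ifs=$IFS; IFS=:
    for dir in $p; do
        case "$dir" in
            /bin|/usr/bin|/sbin|/usr/sbin) IFS=$old_ifs; return 1 ;;  # system dir reached first
            [!/]*|"$home"|"$home"/*)       IFS=$old_ifs; return 0 ;;  # relative or home dir first
        esac
    done
    IFS=$old_ifs
    return 1
}

# Returns 0 when NAME resolves (under the given PATH) to something outside the
# system directories, 1 when it resolves inside them, 2 when it is not found.
binary_shadowed() {
    resolved=$(PATH=$2; command -v "$1") || return 2
    case "$resolved" in
        /bin/*|/usr/bin/*|/sbin/*|/usr/sbin/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Stand-alone use: audit the current session and, if readable, the local sshd config.
if path_shadows_system "$PATH" "${HOME:-/nonexistent}"; then
    echo "WARN: user-controlled PATH entry precedes system directories: $PATH"
fi
for b in su sudo; do
    if binary_shadowed "$b" "$PATH"; then
        echo "WARN: $b resolves outside system directories: $(PATH=$PATH; command -v "$b")"
    fi
done
if [ -r /etc/ssh/sshd_config ]; then
    echo "PermitRootLogin: $(sshd_root_login < /etc/ssh/sshd_config)"
fi
```

An "absent" result means sshd falls back to its compiled-in default, which is prohibit-password from OpenSSH 7.0 onward but was yes in older releases, so on an old host "absent" is as bad as "yes". The PATH check is deliberately strict about empty entries and ".", since those are the classic ways a profile edit puts the current directory ahead of /usr/bin.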