Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

FBI: Wiper Malware Has Korean Language Packs, Hard Coded Targets 81

chicksdaddy sends news that the FBI has issued a warning to U.S. businesses over a "destructive" malware campaign using advanced tools. They don't name specific targets, but the information fits with the details from last week's attack on Sony Pictures, which led to the leak of several unreleased movies. A copy of the FBI's recent five-page FLASH alert reveals that the malware alleged to have wiped out systems at Sony Pictures Entertainment deployed a number of malicious modules, including a version of a commercial disk wiping tool on target systems. Samples of the malware obtained by the FBI were also found to contain configuration files created on systems configured with Korean language packs. The use of Korean could strengthen theories that the destructive cyber attacks have links to North Korea, though it is hardly conclusive. It does appear that the attack was targeted at a specific organization. The malware analyzed by the FBI contained a hard coded list of IP addresses and computer host names.
This discussion has been archived. No new comments can be posted.

FBI: Wiper Malware Has Korean Language Packs, Hard Coded Targets

Comments Filter:
  • How (Score:5, Funny)

    by fnj ( 64210 ) on Tuesday December 02, 2014 @01:23PM (#48508575)

    WTF, overwrites the MBR? What half assed OS does this attack? Windows?

    • Re:How (Score:5, Insightful)

      by GameboyRMH ( 1153867 ) <gameboyrmh@@@gmail...com> on Tuesday December 02, 2014 @01:41PM (#48508761) Journal

      I think any OS will do it once the attacking program can gain root access, unless MBR protection is enabled in the BIOS.

      • by fisted ( 2295862 )

        I think any OS will do it once the attacking program can gain root access

        Nope, I don't think so. [gw.com] (see securelevel 2)
        (and nope, you can't defeat it *that* way. [gw.com] (see RB_HALT)).
        It's kind of notable that neither Free- nor OpenBSD seem to support an equivalent to the latter (all three do have the securelevel mechanism, though).

        unless MBR protection is enabled in the BIOS

        Are you living in a distant past where disk i/o still goes via BIOS?

    • > WTF, overwrites the MBR? What half assed OS does this attack? Windows?

      I'm a linux user, not a Microsoft fanboi, but... have you ever heard of fdisk? Or for that matter...

      dd if=/dev/zero of=/dev/hda bs=446 count=1

      to wipe the MBR. If you want to take out the entire hard drive, it's

      dd if=/dev/zero of=/dev/sda bs=1M

      Any OS that can be installed from USB key or a CD can do the equivalant of this.

  • Korea? (Score:5, Insightful)

    by TechyImmigrant ( 175943 ) on Tuesday December 02, 2014 @01:24PM (#48508583) Homepage Journal

    "Yes Sergey, I have this brilliant plan to compile the production malware on a Korean build of Windows. They'll never suspect it was us."
     

  • >> The use of Korean could strengthen theories that the destructive cyber attacks have links to North Korea

    Are you f***ing kidding me? It's just as likely that it was written by an English-speaking American using a pirated copy of Windows he got from a SOUTH Korean warez site.

    • by amicusNYCL ( 1538833 ) on Tuesday December 02, 2014 @01:25PM (#48508593)

      "Just as likely"? I would imagine that, among all of the versions of Windows that have the Korean language installed, the vast majority of them are being used by Koreans rather than English-speaking Americans.

      • by kruach aum ( 1934852 ) on Tuesday December 02, 2014 @01:31PM (#48508661)

        I would also imagine that the kind of person involved in this sort of attack is aware of the capabilities of the people investigating the attack, and that such a person would be interested in confounding that investigation by, say, pretending to be someone he's not, like a Korean language user.

      • Yep. Nobody accidentally downloads and installs Korean Windows. It's a fucking nightmare to install unless you speak the language. It's not like a European language where you can guess the meaning, like "oh installaciÃn must mean installation."

        • It takes like a half hour to learn to read Hangul, and then you can instantly pick out the loan words. Sopeuteuweuh for software, etc.

    • If you're saying it was a false flag operation (trying to make it look like it came from Koreans), it's possible. But who would do that? Normally hackers like to brag and build up their rep. It could be state-sponsored hackers from another country, but then why would China or Iran specifically target Sony Pictures? AFAIK only N. Korea has a beef with Sony.

      It's possible but not likely.

      • Normally hackers like to brag and build up their rep.

        And nobody likes to brag more than North Korea. Even if they weren't at fault, I'm surprised they haven't taken credit for it yet. I can't really account for that.

        • North Korea doesn't always brag about its provocations. Consider the sinking of the South Korean warship Cheonan, which was sunk by a mysterious explosion that was later assessed to have been a torpedo, while off a South Korean island within spitting distance of North Korean waters. North Korea denied any involvement (http://en.wikipedia.org/wiki/ROKS_Cheonan_sinking). Also, while hacker and hacktivist groups tend to be quite open about claiming credit, nation-state hackers tend to be very quiet about it (I
        • Well, North Korea has officially said "Wait and See [hollywoodreporter.com]".

          The film, due for release on Christmas, has drawn criticism from the North Korean government, which called it an "evil act of provocation" and an "undisguised sponsoring of terrorism" and asked the United Nations to block its release. A government website also threatened the filmmakers with "stern punishment."

          Apparently the supreme, glorious little runt doesn't like being teased, and seems to think his delusional self is exempt from parody.

          If so, this wou

          • Well, North Korea has officially said "Wait and See [hollywoodreporter.com]".

            The film, due for release on Christmas, has drawn criticism from the North Korean government, which called it an "evil act of provocation" and an "undisguised sponsoring of terrorism" and asked the United Nations to block its release. A government website also threatened the filmmakers with "stern punishment."

            Apparently the supreme, glorious little runt doesn't like being teased, and seems to think his delusional self is exempt from parody.

            If so, this would be kind of hilarious, and kind of scary ... a nation state doing this stuff because their leader tender ego is feeling bruised.

            If this is North Korea, this is all about waving around the collective penis, and posturing that he has any influence on the rest of the world.

            Hey, Kim was named the sexiest man alive [theonion.com] recently so maybe they have something to be proud of waving...

      • by dunkindave ( 1801608 ) on Tuesday December 02, 2014 @02:33PM (#48509259)
        I like to apply Occam's Razor. Having dealt with a variety of hackers ranging from newbies up to APT, I have found almost all of them make stupid mistakes and do things like this that leak info. I have yet to see a convincing false-flag since attackers would rather hide their origin than fake it, meaning they try to remove all such info instead of putting in fake info. Given my experience I have no trouble whatsoever believing the indicators of the Korean language pack presence on the origination computers is a strong lead for where it came from. The current beef that NK has against Sony due to the upcoming film, along with they specific threats, just adds to it as corresponding motive, like the cherry on top of the sundae.
      • by AmiMoJo ( 196126 ) *

        After the US got caught deploying malware in Iran maybe whoever made this learned from their mistakes and made an effort to disguise the source. If the target wasn't Sony I'd be wondering if it wasn't the US.

      • by rHBa ( 976986 )
        But I thought Team America was produced by Paramount!

        /Joke
    • Not so sure [imgur.com]...
  • Malware? Sony? (Score:5, Informative)

    by TechyImmigrant ( 175943 ) on Tuesday December 02, 2014 @01:37PM (#48508727) Homepage Journal

    Is the irony of Sony being hit by malware lost on people?

    http://en.wikipedia.org/wiki/S... [wikipedia.org]

  • I'm going to laugh my ass off and for SURE go see the movie. Maybe even twice. And buy the DVD.

    • by Anonymous Coward

      It's made by Sony, so I'd get it off BitTorrent. It's the right thing to do.

  • As winter hits the nation, more and more people will be activating wipers to clear off road spray... if "they" manage to get this virus into the mag-chloride solution it could mean millions are impacted.

  • Isn't it possibly someone at sony accidentally inserted one of their CD's?

If all else fails, lower your standards.

Working...