Information Security News mailing list archives
Logic Bomb Set Off South Korea Cyberattack
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 22 Mar 2013 02:05:54 -0500 (CDT)
http://www.wired.com/threatlevel/2013/03/logic-bomb-south-korea-attack/

By Kim Zetter
Threat Level
Wired.com
03.21.13

A cyberattack that wiped the hard drives of computers belonging to banks and broadcasting companies in South Korea this week was set off by a logic bomb in the code, according to a security firm in the U.S.
The logic bomb dictated the date and time the malware would begin erasing data from machines to coordinate the destruction across multiple victims, according to Richard Henderson, a threat researcher for FortiGuard Labs based in Vancouver, the research division of the security firm Fortinet.
The attack, which struck machines on March 20, wiped the hard drives and master boot record of at least three banks and two media companies simultaneously. The attacks reportedly put some ATMs out of operation, preventing South Koreans from withdrawing cash from them.
The malware consisted of four files, including one called AgentBase.exe that triggered the wiping. Contained within that file was a hex string (4DAD4678) indicating the date and time the attack was to begin — March 20, 2013 at 2pm local time (2013-3-20 14:00:00). As soon as the internal clock on the machine hit 14:00:01, the wiper was triggered to overwrite the hard drive and master boot record on Microsoft Windows machines and then reboot the system.
[...]