
Public sector in South Korea attacked by malware


3 replies to this topic

#1 Elise


Posted 20 March 2013 - 12:55 PM

Source: BBC - South Korea network attack 'a computer virus'

Disruption that paralysed the computer networks of broadcasters and banks in South Korea appears to have been caused by a virus, an official close to the investigation has told the BBC.

The official said it was believed a "malicious" code was to blame for the system failure.
[...]
In the latest incident, two South Korean banks, Shinhan Bank and Nonghyup, and three TV stations KBS, MBS and YTN, all reported that their networks had suddenly shut down on Wednesday afternoon.

 
Most users couldn't start their computer at all, but some users also complained about a "hacked" screen (see image) showing up when the computer was started, according to the following NakedSecurity article: SophosLabs identifies malware used in Korean internet attack.
[Image: whois-team.jpg]
The file responsible for infecting the computer overwrites the Master Boot Record (MBR) including the partition table, but also the Volume Boot Record (VBR). When testing this, recovery proved complicated (on an XP machine a combination of Testdisk to rewrite the MBR, partition table and NTFS boot sector and the XP Recovery Console to rewrite the Volume Boot Record was necessary in order to repair the damage done). Because the partition table was overwritten, the data on the computer's hard disk couldn't be accessed even when using a Live CD or slaving the drive.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft



 


#2 Allen


Posted 22 March 2013 - 07:08 AM

Ouch... Thanks for reporting this Elise.


Hey everyone, I'm Allen. I am a young web developer/designer/programmer. I also help people with computer issues including hardware problems, malware/virus infections and software conflicts. I am a kind and easy to get along with person, so if you need help feel free to ask.

#3 Windstorm


Posted 09 April 2013 - 01:59 PM

For problems like these, do you think that there is a code that can crack this without reformatting the whole drive or server, Elise?



#4 Elise


Posted 09 April 2013 - 02:19 PM

I haven't been able to get my hands on the actual black-skull-creating variant, but the other one can be fixed without a reformat/reinstall. For most computer users this won't be a simple fix though because the partition table needs to be rewritten manually (a tool like TestDisk can be used, but you still need to confirm the results it finds, which is not always completely accurate).

Keep in mind though that while this had quite some impact as a targeted attack, the actual malware isn't as prevalent as your average FBI/Dept of Justice ransomware and the chance you'll encounter such an infection is very small.


regards, Elise



Malware analyst @ Emsisoft
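
Added example, not code from this thread or from TestDisk: the Python below reads a saved 512-byte copy of sector 0 and applies the sanity checks that tell an intact MBR partition table from an overwritten one (post #1) and that help confirm a partition-table candidate before it is written back (post #4). The function names, sample sectors and disk size are constructed for illustration.

```python
import struct

ENTRY = struct.Struct("<B3xB3xII")  # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_mbr(sector):
    """Return (signature_ok, used partition entries) for a 512-byte copy of sector 0."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    entries = []
    for slot in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, 446 + 16 * slot)
        if ptype or count:  # an all-zero type and size marks an unused slot
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "start": start, "count": count})
    return sector[510:512] == b"\x55\xaa", entries

def check_mbr(sector, disk_sectors):
    """Return reasons not to trust this partition table; an empty list means it is plausible."""
    signature_ok, entries = parse_mbr(sector)
    problems = []
    if not signature_ok:
        problems.append("missing 0x55AA boot signature")
    if not entries:
        problems.append("no partition entries")
    prev_end = 0
    for e in sorted(entries, key=lambda e: e["start"]):
        end = e["start"] + e["count"]
        if e["status"] not in (0x00, 0x80):
            problems.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
        if e["start"] == 0 or end > disk_sectors:
            problems.append(f"slot {e['slot']}: extends outside the disk")
        if e["start"] < prev_end:
            problems.append(f"slot {e['slot']}: overlaps the previous partition")
        prev_end = max(prev_end, end)
    return problems

def build_sample(rows):
    """Constructed sector for the demo: empty boot code plus (status, type, start, count) rows."""
    table = b"".join(ENTRY.pack(*r) for r in rows).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    disk = 409600  # constructed 200 MiB disk, in 512-byte sectors
    samples = {"intact": build_sample([(0x80, 0x07, 63, 409537)]),
               "overwritten": b"X" * 512,  # constructed filler, not the real malware pattern
               "bad candidate": build_sample([(0x80, 0x07, 63, 500000)])}
    for name, sector in samples.items():
        print(name, check_mbr(sector, disk) or "plausible")
```

Run it against a copy of the sector taken from an image of the disk rather than against the live drive, so the checks never touch the evidence.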




