
FBI warns of 'destructive' malware in wake of Sony attack


39 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 PM

Posted 02 December 2014 - 02:40 PM

FBI warns of 'destructive' malware in wake of Sony attack


The Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch a destructive cyberattack in the United States, following a devastating breach last week at Sony Pictures Entertainment.

Cybersecurity experts said the malicious software described in the alert appeared to describe the one that affected Sony, which would mark the first major destructive cyber attack waged against a company on U.S. soil.

...The five-page, confidential "flash" FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack...The report said the malware overrides all data on hard drives of computers, including the master boot record, which prevents them from booting up. "The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said...


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



#2 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:06:58 PM

Posted 02 December 2014 - 03:24 PM

If malware of this type can affect Sony and get into the wild, imagine how many PCs would become affected by the virus and would become utterly useless because the PC will not boot, making the malware harder to remove. Sounds like the worst rootkit possible.



#3 titan1

titan1

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Bengal,India
  • Local time:06:28 AM

Posted 03 December 2014 - 12:26 AM

That is why regular backup is recommended. No matter what security suite you use, if the machine does not boot, it is gone.

#4 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 PM

Posted 03 December 2014 - 05:59 AM

Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it's one of the most neglected areas.

#5 Rrocha

Rrocha

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 03 December 2014 - 07:18 AM

I really would like to read what kind of technology Sony has and how it was surpassed.
I read about APTs (advanced persistent threats) in a Dummies book brought out for Palo Alto, and I think Sony has this kind of technology available.



#6 rp88

rp88

  • Members
  • 2,983 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:58 AM

Posted 03 December 2014 - 01:17 PM

What would be the purpose of a virus which simply wrecks the hardware of a computer and makes it unbootable? The thugs are after profit; they don't make viruses to destroy computers, they make viruses that will let them steal (directly, indirectly or via ransom) from their victims.


But it acts as another reminder to back up. I'm shocked by the proportion of people who haven't learnt that yet.

Edited by rp88, 03 December 2014 - 01:17 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 PM

Posted 03 December 2014 - 01:29 PM

What would be the purpose of a virus which simply wrecks the hardware of a computer and makes it unbootable? The thugs are after profit; they don't make viruses to destroy computers, they make viruses that will let them steal (directly, indirectly or via ransom) from their victims.

 

 

Cyber criminals want to make money. Enemies of the U.S. want to hurt the country by any means possible...they don't care about profits.
 

Hackers used malware similar to that described in the FBI report to launch attacks on businesses in highly destructive attacks in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers. Those attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran...The technical section of the FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.

 



#8 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:06:58 PM

Posted 03 December 2014 - 02:28 PM

Not everyone uses malware for profit. Just goes to show that sometimes it's just to wreak havoc where they can.



#9 systemsol

systemsol

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 03 December 2014 - 02:40 PM

Read an article today that the Sony incident may be an inside job!

 

http://www.hollywoodreporter.com/news/sony-hack-studio-security-points-753509



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:58 AM

Posted 03 December 2014 - 04:46 PM

That's nice -

Over $20 million in basic yearly salaries just in the top 10 listed there :gathering:  .

Double that ?? if they make a couple of good movies (costing $20 million+ to make) and it would increase costs (passed to ticket prices), so they are on about $40 million on a decent year, and that's just those top 10. The lower paid ones are only on about $1 Million each per year, so if they don't get bonuses ($500,000 each) it stands to reason they may be a bit ????? miffed about things.

 

I would like to know if they can justify those types of salaries, or, as put forward (and noted in the article), could it be an insider looking for their bonus ??

 

Just my rambling wishes, as I sit in front of my PC and wish I could earn a bit more on my disability pension ....... (ignore me if you wish :whistle: )

EDIT - Quiet day, so I may just do another system back-up


Edited by noknojon, 03 December 2014 - 04:48 PM.


#11 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,926 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:58 AM

Posted 03 December 2014 - 10:03 PM

 

The malware used in the attack, which has been described by a Sony spokesperson as “very sophisticated,” is almost certainly the same as that identified in the FBI memo. That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers—and files named for key Windows components to do most of the dirty work of communicating with its masters and wreaking havoc on the systems it infects.

While the FBI memo provided a means to detect the “beacon” message used by the malware to communicate back to the command and control (C&C) servers used by the attackers who planted it, that information by itself may not protect targeted organizations. That’s because the malware only begins to broadcast back to the C&C servers once it’s been launched—and deletion of data on the targeted network has already begun.

Inside the “wiper” malware that brought Sony Pictures to its knees


Edited by NickAu1, 03 December 2014 - 10:03 PM.

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#12 czarboom

czarboom

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Central Texas
  • Local time:07:58 PM

Posted 04 December 2014 - 02:28 AM

Funny, the USA has in place a nice policy that states you attack the USA, the USA will drop a bomb on you. It covers things like power grids, government, oil, healthcare etc. You can see it here. More on it from Schneier on Security

 

That said Sony is outside that scope, but what I wonder is with the pulling of 5 or 6 movies (I think).... How long was N. Korea in their systems?  Better yet, how long did they have a backdoor to Sony.  Meaning was it found in the last few weeks, or days... or did they hide out for a few years?  That is what most smart groups do.  Sit and wait. 

 

That said, how many others are on their short list. 

Here is a great write up from Krebs On Security about the Sony Hack, and the TON of SSN, Healthcare info and other items released. 

 

Which to me would seem that they were around and in Sony's servers for some time. Grabbing GBs of info, full HD movies, drives etc.

 

Wild wild Internet Out there. 

 

FFT later,

czarboom


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?"

#13 disabledcomputer

disabledcomputer

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 04 December 2014 - 10:30 AM

Sometimes, there is no reason for the attacks. Some people just want to destroy whatever they can. 



#14 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,926 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:58 AM

Posted 05 December 2014 - 04:18 PM

Bureau 121, North Korea’s elite cyber-warfare cell behind the Sony Hacks?

As more and more leaks pour out of Sony Pictures hack attack, the cyber criminals who hacked it are still at large. Preliminary investigations have pointed fingers towards a disk wiping malware which may have been sponsored by North Korea. North Korea has meanwhile denied any hand in the Sony Pictures hack attack. However the US law enforcement agencies still consider it as a prime suspect behind the Sony hack.

Reuters today reported a sophisticated North Korean cyber-warfare cell called Bureau 121. Most of the information about Bureau 121 is obtained from North Korean defectors to South Korea as North Korea is an iron curtain country with severe restrictions on any travel to and fro

Bureau 121, North Korea’s elite cyber hacking unit



#15 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,002 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:08:58 PM

Posted 09 December 2014 - 02:43 PM

This makes the 2nd time inside of 10 years that Sony has been associated with infecting computers. 

 

There was a major rootkit outbreak (or scandal) spread by the corporation between the years of 2005 through 2007. When I read the headline, that came to mind fast. Initially, they claimed these were of no harm. Legal action against Sony followed. 

 

http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 




