Virus Damages Numerous PCs in South Korea
The government of South Korea issued an alert that several thousands PCs started destroying themselves from July 10, 2009.
Actually, the government issued its warning following a 3rd day of online attacks targeting the South Korean commercial and government websites that were forced to remain offline for an extended time period.
On July 9, 2009, a DDoS (Distributed Denial of Service) attack hit a minimum of seven websites operated by media and government organizations, some being the Kookmin Bank site, major portal Naver, the bulk-flow Chosun Ilbo, and the government website of the Ministry of Public Administration and Security.
The KCC (Korea Communications Commission) said that Ahn Lab (a computer vaccine firm in South Korea) had notified it that the virus behind the DDoS attack would be crashing around 20,000 infected computers all over the country.
Ahn Lab's report further stated that the virus would trigger off automatically and would damage the PCs' data, although the malicious program remained unidentified with no antivirus protection made available.
Previously, it was reported that the combined online assaults targeting the Korean and US commercial and government websites during the preceding week were starting to wane.
Joe Stewart, Director of SecureWorks, a malware research firm, said - a Mydoom worm variant that initiates the new attack will be accessing a group of servers to inject a payload. This payload includes a Trojan program that writes over the existing data a message saying "memory of the independence day" to be followed with an unlimited number of the character "u" necessary to overwrite on all parts of each drive of the infected system, explains Stewart, as reported by Washington Post on July 9, 2009.
Stewart further said that he examined the self-destroying Trojan and discovered that it truly deleted the data from the hijacked system's hard drive. However, currently, Mydoom was not unleashing that feature.
According to the cyber-security division of VeriSign, the virus commanded and controlled 30,000-60,000 PCs to build a botnet that would attack select websites with overwhelming requests in a denial-of-service attack.
Related article: Virus Infects Through USB Drives
» SPAMfighter News - 31-07-2009