Computer Virus to be Blamed for Computer Failures in South Korea

According to an official close to the ongoing investigation reported that a computer virus and not a cyberattack is the prime cause of the ongoing computer outages at several South Korean banks and TV stations recently, as reported in menafn.com on March 20, 2013. However, the virus is under investigation.

As per the South Korean National Police Agency, three broadcasters -- KBS, MBC, and YTN along with three banks -- Shinhan, Nonghyup and Jeju and two insurance firms have reported their computer systems to have suddenly stopped at about 2 PM on March 20, 2013.

Some of the affected computer screens displayed skulls, while others simply displayed error messages and were not being able to be restarted.

According to the report by an Alien Vault Labs, the infected machines at the organizations were identified to be infected with malware that are capable of overwriting the master boot records (MBR) for affected devices. However, once the machines are compromised, they automatically close and do not reboot further.

Further analysis revealed that the malware overwrote the MBR data with the word "Hastati," a reference to the Latin word for a particular type of Roman infantryman. The code also contained the words "Princpes" and "Ncpes," which appear to be misspelled references to the Latin word "Princeps," which is used to describe the Roman Emperor as the "first citizen."

More analysis revealed that the malware is empowered to overwrite the MBR data using the word "Hastati," which is a reference to the Latin word for a specific kind of Roman infantryman.

While hacking a system, the malware also searched for AhnLab Policy Agent and Hauri ViRobot that do the malware on its hosts, which are disabling them with the taskill.

While an organization identifying itself as "WhoisTeam" took credit for the attacks, speculation abounds that North Korea may have sponsored the offensive.

Last week, during the first fortnight of March 2013, North Korea held the US and South Korea against the attacks that could be a result of a March 20, 2013 attacks and could be due to some sort of retaliation. Even North Korea was held responsible for cyberattacks on South Korea's government and financial institutions during 2009 and 2011.

According to the South Korean Defense Ministry's spokesman, Kim Min-Seok though the possibility of North Korea being involved in this venture cannot be ignored, yet it would be too early to comment anything, as published by venturebeat.com on March 20, 2013.

However, due to this commotion, South Korea's Defense Ministry increased its cyber threat alert status to the third level from the fourth level due to this online attacks.

Related article: Computer Virus Detection And Prevention

» SPAMfighter News - 3/26/2013