Analysts Examine Malicious Software Utilized within South Korean Assaults
Numerous reports are being published in connection with the recent cyber-assaults that reportedly paralyzed the websites of many financial institutions as well as TV networks in South Korea, making them all inaccessible on 20th March 2013.
Security researchers from Symantec, Sophos and other security companies began by examining the malicious software with which the disruption was carried out.
Sophos, which has been observing the malicious software, identified as Mal/EncPk-ACE, for nearly a year, has dubbed it DarkSeoul. According to the company, the malware is not in the least sophisticated, which suggests that the assault is not government-backed. However, because the malware deactivates two widely used South Korean anti-virus products, namely Hauri and AhnLab, the attack is indicative of a targeted assault.
Chief Research Officer Mikko Hypponen of F-Secure agreed with Sophos' observation, stating that the malicious software indeed wasn't sophisticated. Informationweek.com published this on March 21, 2013.
Moreover, Symantec's research shows that the malware, which its analysts dubbed Trojan.Jokra, belongs to a Trojan family designed for erasing the hard disks of hijacked PCs. It also infects Linux systems and Windows computers of various versions such as Windows 95, Windows 6, Windows 2000, Windows 7, Windows NT, Windows Me, Windows Server 2008, Windows Server 2003, Windows XP and Windows Vista.
The malicious software also includes a program coded for remotely erasing data on any Linux PC that is on the same computer network as the compromised computer.
Symantec stated that it does not usually find components that function across multiple operating systems; therefore, the company was intrigued to find that the attackers had incorporated one for erasing Linux systems into a Windows threat. Informationweek.com published this.
In the meantime, security firm Avast posted on its blog that the assaults on South Korean banks were traced to the Korean Software Property Right Council's website.
It stated that attackers infiltrated the website to plant an iFrame, which launched an attack hosted on a different website. The original exploit abused a security flaw in Internet Explorer (IE) dating from July 2012 that Microsoft had patched, Avast additionally said.
» SPAMfighter News - 28-03-2013