Sunday, March 24, 2013

South Korean virus wiped hard drive MBRs at 14:00

The first information has begun to appear on the Internet about the software tools used in the March 20, 2013 attacks on the banking system and the media in South Korea.

On March 20 at 14:00, the boot records (MBR and VBR) were erased on computers running Windows, and on servers running Unix/Linux files were deleted via standard remote management tools, after authorization data had been obtained from infected Windows machines.

The list of targets:

- Nonghyup Bank;
- Shinhan Bank;
- Jeju Bank;
- Nonghyup Life.

The malware was analyzed by security experts from the South Korean company NSHC. Every day they released an updated version of their Red Alert report with information about the incident; the latest is version 1.6 of March 22 (pdf).

Based on the available information, it can be concluded that the "destruction" of the enemy's computer resources was carried out in a simple but effective way.

The following published diagram shows the activity of the dropper and the malicious utilities on an infected PC.

On several hacked sites the hackers placed a beautiful animation.

1 comment:

  1. Oh-oh-oh! South Korean hackers - a new definition, only whose performance is it? China, the U.S. or anyone else who benefits?