The Korea Herald


DDoS attack virus wipes hard drives

By 황장진

Published : March 6, 2011 - 18:58


Malicious code embedded in personal computers to attack Internet sites in Korea began to destroy the hard drives of its host computers on Sunday, communication authorities said.

Key government agencies and financial institutions suffered cyber assaults Friday and Saturday, with minor damage caused.

On Sunday, the code for the so-called “distributed denial-of-service” attacks activated an order to delete all data in personal computers in which the virus was planted, the Korea Communications Commission said.

A DDoS attack uses “zombie” computers to access selected sites simultaneously and swamp them with traffic.

The code also activated programs to block those computers from downloading vaccine programs to treat the virus, it said.

The destruction of host computers usually starts four to seven days after the computers are embedded with the DDoS code. But this time, it began only two days after the infection, the KCC said.

COMPUTER SECURITY — An engineer at a Seoul company checks the computer system on Sunday in the wake of a wave of cyber attacks on Friday and Saturday. (Yonhap News)

The government posted a public notice early in the morning urging the public to refrain from using computers.

More than 34,000 computers were inadvertently used to carry out DDoS attacks targeting websites including those of the presidential office, U.S. forces, the military Joint Chiefs of Staff, the ministries of foreign affairs, defense and unification, which handles relations with North Korea, parliament and the tax office, officials said.

The attacks were fended off as antivirus software was downloaded as a precaution and most “zombie computers” were turned off Saturday.

The government and local antivirus firms, however, maintained an alert status for further attacks.

Police have isolated 30 overseas servers that were ordering the attacks.

These servers have been traced to 18 countries and territories around the world, including the United States, Russia, Italy, Mexico, Israel and Hong Kong.

Police have contacted overseas law enforcement agencies in attempts to trace the origin of the attacks.

(From news reports)