[ISN] Logic Bomb Set Off South Korea Cyberattack
By Kim Zetter
A cyberattack that wiped the hard drives of computers belonging to banks and
broadcasting companies in South Korea this week was set off by a logic bomb in
the code, according to a security firm in the U.S.
The logic bomb dictated the date and time the malware would begin erasing data
from machines to coordinate the destruction across multiple victims, according
to Richard Henderson, a threat researcher for FortiGuard Labs based in
Vancouver, the research division of the security firm Fortinet.
The attack, which struck machines on March 20, wiped the hard drives and master
boot record of at least three banks and two media companies simultaneously. The
attacks reportedly put some ATMs out of operation, preventing South Koreans
from withdrawing cash from them.
The malware consisted of four files, including one called AgentBase.exe that
triggered the wiping. Contained within that file was a hex string (4DAD4678)
indicating the date and time the attack was to begin: March 20, 2013 at 2pm
local time (2013-3-20 14:00:00). As soon as the internal clock on the machine
hit 14:00:01, the wiper was triggered to overwrite the hard drive and master
boot record on Microsoft Windows machines and then reboot the system.
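
An added example, not from the article or the FortiGuard analysis: the constant quoted above, 0x4DAD4678, is 1303201400 in decimal, and reading those ten digits as YYMMDDhhmm gives the trigger time stated in the article. The sketch below decodes it and scans a constructed byte buffer for other 32-bit values of the same shape, as an analyst might when triaging a sample for a time trigger; the digit layout, the function names and the sample bytes are assumptions of this example.

```python
import struct
from datetime import datetime

def decode_trigger(value):
    """Read a 32-bit value's ten decimal digits as YYMMDDhhmm (assumed layout)."""
    if not 0 <= value <= 0xFFFFFFFF:
        return None
    digits = f"{value:010d}"
    yy, mo, dd, hh, mi = (int(digits[i:i + 2]) for i in range(0, 10, 2))
    try:
        return datetime(2000 + yy, mo, dd, hh, mi)
    except ValueError:  # impossible field, e.g. month 0 or hour 66
        return None

def scan(buf, year_min, year_max):
    """Return (offset, byte_order, datetime) for every 4-byte window that
    decodes to a date inside the analyst-chosen year range."""
    hits = []
    for off in range(len(buf) - 3):
        for order, fmt in (("little", "<I"), ("big", ">I")):
            when = decode_trigger(struct.unpack_from(fmt, buf, off)[0])
            if when is not None and year_min <= when.year <= year_max:
                hits.append((off, order, when))
    return hits

# Constructed sample: zero padding around the article's constant, stored
# little-endian here. The byte order in the real file is not given on the page.
SAMPLE = bytes(8) + struct.pack("<I", 0x4DAD4678) + bytes(8)

if __name__ == "__main__":
    print(decode_trigger(0x4DAD4678))
    for off, order, when in scan(SAMPLE, 2013, 2013):
        print(f"offset {off} ({order}-endian): {when}")
    # A wide year range also reports a coincidental match at offset 9,
    # which is why the range should be kept narrow.
    print(len(scan(SAMPLE, 2000, 2042)))
```

Many arbitrary 32-bit values happen to decode as valid dates, so hits from a scan like this are leads to confirm in a disassembler, not findings.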