[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Logic Bomb Set Off South Korea Cyberattack


By Kim Zetter
Threat Level

A cyberattack that wiped the hard drives of computers belonging to banks and broadcasting companies in South Korea this week was set off by a logic bomb in the code, according to a security firm in the U.S.

The logic bomb dictated the date and time the malware would begin erasing data from machines to coordinate the destruction across multiple victims, according to Richard Henderson, a threat researcher for FortiGuard Labs based in Vancouver, the research division of the security firm Fortinet.

The attack, which struck machines on March 20, wiped the hard drives and master boot record of at least three banks and two media companies simultaneously. The attacks reportedly put some ATMs out of operation, preventing South Koreans from withdrawing cash from them.

The malware consisted of four files, including one called AgentBase.exe that triggered the wiping. Contained within that file was a hex string (4DAD4678) indicating the date and time the attack was to begin â March 20, 2013 at 2pm local time (2013-3-20 14:00:00). As soon as the internal clock on the machine hit 14:00:01, the wiper was triggered to overwrite the hard drive and master boot record on Microsoft Windows machines and then reboot the system.


Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org