
back to article South Korea data-wipe malware spread by patching system

South Korea's data wiping malware that knocked out PCs at TV stations and banks earlier this week may have been introduced through compromised corporate patching systems. Several South Korean financial institutions - Shinhan Bank, Nonghyup Bank and Jeju Bank - and TV broadcaster networks were impacted by a destructive virus ( …

COMMENTS

This topic is closed for new posts.
Mushroom

WOW

That is what you get for hiring low cost IT people who work for slave wages.

This is why you hire good people for a pretty penny!

0
0

Re: WOW

You can give me an ugly penny if you give me enough of them.

0
0
Anonymous Coward

Re: WOW

WOW, their security must all completely suck balls if attackers could access internal corporate patching systems from externally. I bet they were running LAMP or some other Linux stack without proper isolation and firewalls...

1
2

Re: WOW

I'm sure the words "nothing could go wrong" or "what's the worst that could happen" were uttered by management.

0
0
Bronze badge

Re: WOW

I'm betting it was a WAMP platform, with a spear phishing attack on the administrator, who used the same username and password on a VPN connection to remote in to work.

Then, they used something like SCCM to push out malware that blew off the MBR.

Pity that an MBR error is so irreparable. They should invent something called fdisk and give it an /mbr switch.

1
0
Silver badge
Joke

Somewhere in the West, in a dimly lit government bunker...

"Shit! Guys, the orders were to launch cyberattacks on NORTH Korea!"

9
0
Trollface

Re: Somewhere in the West, in a dimly lit government bunker...

'Muricans.

1
0
Bronze badge

Re: Somewhere in the West, in a dimly lit government bunker...

Nah, too low tech for an American trick. An American attack would try to release the magic smoke from something.

Or at least run the printers out of toner...

1
0
Anonymous Coward

South K's problem is that they still rely on Active X controls & IE6/7 for just about any online transactions. For example... http://www.techdirt.com/articles/20120507/12295718818/south-korea-still-paying-price-embracing-internet-explorer-decade-ago.shtml

0
0
Unhappy

what about the ssh keys ? lol

This crafted malware also used stored SSH keys on infected Windows systems to log in to AIX, HP-UX, and Solaris servers and try to wipe the MBR. If it was unable to wipe the MBR, it deleted the folders /kernel/, /usr/, /etc/, /home/.

2
0
Bronze badge

Re: what about the ssh keys ? lol

What happened to segregation of duties and least privilege?

0
0
Mushroom

Re: what about the ssh keys ? lol

It gets in the way of Agility, Extreme Programming, BYOD and whatever other latest Management Fad that hits the fan.

0
0
Mushroom

We are truly fortunate...

It is with greatest humility and admiration that we find our patch systems to be highly useful at doing much more than just making our computers run slower and inevitably need to be replaced as they start crashing from the continuous stream of CYA patch code.

Our computers become ever more needful of having multi-core systems with appreciable memory to run security software in the hopes that at least 5% of their processing power be left for doing other mundane activities, usually the tasks for which we purchased them in the first place despite the reality that the systems are probably already secretly compromised despite the 95% devotion of processing power for the prevention thereof.

Let the patches freely flow!

0
0
Alert

Malware can be the result of using pirated software. Is your company using unlicensed software? Unfriend your boss. Report software piracy now.

0
1