South Korea's data wiping malware that knocked out PCs at TV stations and banks earlier this week may have been introduced through compromised corporate patching systems. Several South Korean financial institutions - Shinhan Bank, Nonghyup Bank and Jeju Bank - and TV broadcaster networks were impacted by a destructive virus ( …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 25th March 2013 15:23 GMT Inachu

WOW

That is what you get for hiring low cost IT people who work for slave wages.

This is why you hire good people for a pretty penny!

0 0
1. Monday 25th March 2013 15:44 GMT VaalDonkie
  
  Re: WOW
  
  You can give me an ugly penny if you give me enough of them.
  
  0 0
2. Monday 25th March 2013 16:51 GMT Anonymous Coward
  
  Re: WOW
  
  WOW, their security must all completely suck balls if attackers could access internal corporate patching systems from externally. I bet they were running LAMP or some other Linux stack without proper isolation and firewalls...
  
  1 2
  1. Monday 25th March 2013 17:03 GMT kain preacher
    
    Re: WOW
    
    I'm sure the words "nothing could go wrong" or " what's the worst that could happen " were uttered by management.
    
    0 0
  2. Tuesday 26th March 2013 14:32 GMT Wzrd1
    
    Re: WOW
    
    I'm betting it was a WAMP platform, with a spear phishing attack on the administrator, who used the same username and password on a VPN connection to remote in to work.
    
    Then, they used something like SCCM to push out malware that blew off the MBR.
    
    Pity that an MBR error is so irreparable. They should invent something called fdisk and give if an /mbr switch.
    
    1 0
Monday 25th March 2013 16:29 GMT auburnman

Somewhere in the West, in a dimly lit government bunker...

"Shit! Guys, the orders were to launch cyberattacks on NORTH Korea!"

9 0
1. Monday 25th March 2013 16:40 GMT Justice
  
  Re: Somewhere in the West, in a dimly lit government bunker...
  
  'Muricans.
  
  1 0
  1. Tuesday 26th March 2013 14:33 GMT Wzrd1
    
    Re: Somewhere in the West, in a dimly lit government bunker...
    
    Nah, too low tech for an American trick. An American attack would try to release the magic smoke from something.
    
    Or at least run the printers out of toner...
    
    1 0
Monday 25th March 2013 16:59 GMT Anonymous Coward

South K's problem is that they still rely on Active X controls & IE6/7 for just about any online transactions. For example... http://www.techdirt.com/articles/20120507/12295718818/south-korea-still-paying-price-embracing-internet-explorer-decade-ago.shtml

0 0
Tuesday 26th March 2013 01:30 GMT tony trolle

what about the ssh keys ? lol

this crafted malware also used stored ssh keys on infected windows systems to login to AIS, HP-UX, and Solaris servers and try and wipe the MBR. If it was unable to wipe the MBR, it deleted the folders /kernel/, /usr/, /etc/, /home/.

2 0
1. Tuesday 26th March 2013 14:34 GMT Wzrd1
  
  Re: what about the ssh keys ? lol
  
  What happened to segregation of duties and least privilege?
  
  0 0
  1. Sunday 31st March 2013 19:09 GMT gollux
    
    Re: what about the ssh keys ? lol
    
    It gets in the way of Agility, Extreme Programming, BYOD and whatever other latest Management Fad that hits the fan.
    
    0 0
Wednesday 27th March 2013 05:36 GMT gollux

We are truly fortunate...

It is with greatest humility and admiration that we find our patch systems to be highly useful at doing much more than just making our computers run slower and inevitably need to be replaced as they start crashing from the continuous stream of CYA patch code.

Our computers become ever more needful of having multi-core systems with appreciable memory to run security software in the hopes that at least 5% of their processing power be left for doing other mundane activities, usually the tasks for which we purchased them in the first place despite the reality that the systems are probably already secretly compromised despite the 95% devotion of processing power for the prevention thereof.

Let the patches freely flow!

0 0
Wednesday 3rd April 2013 08:16 GMT No Piracy

Malware can be the result of using pirated software. Is your company using unlicensed software? Unfriend your boss. Report software piracy now.

0 1