back to article South Korea data-wipe malware spread by patching system

South Korea's data wiping malware that knocked out PCs at TV stations and banks earlier this week may have been introduced through compromised corporate patching systems. Several South Korean financial institutions - Shinhan Bank, Nonghyup Bank and Jeju Bank - and TV broadcaster networks were impacted by a destructive virus ( …

COMMENTS

This topic is closed for new posts.
  1. Inachu
    Mushroom

    WOW

    That is what you get for hiring low cost IT people who work for slave wages.

    This is why you hire good people for a pretty penny!

    1. VaalDonkie

      Re: WOW

      You can give me an ugly penny if you give me enough of them.

    2. Anonymous Coward
      Anonymous Coward

      Re: WOW

      WOW, their security must all completely suck balls if attackers could access internal corporate patching systems from externally. I bet they were running LAMP or some other Linux stack without proper isolation and firewalls...

      1. kain preacher Silver badge

        Re: WOW

        I'm sure the words "nothing could go wrong" or " what's the worst that could happen " were uttered by management.

      2. Wzrd1

        Re: WOW

        I'm betting it was a WAMP platform, with a spear phishing attack on the administrator, who used the same username and password on a VPN connection to remote in to work.

        Then, they used something like SCCM to push out malware that blew off the MBR.

        Pity that an MBR error is so irreparable. They should invent something called fdisk and give if an /mbr switch.

  2. auburnman
    Joke

    Somewhere in the West, in a dimly lit government bunker...

    "Shit! Guys, the orders were to launch cyberattacks on NORTH Korea!"

    1. Justice
      Trollface

      Re: Somewhere in the West, in a dimly lit government bunker...

      'Muricans.

      1. Wzrd1

        Re: Somewhere in the West, in a dimly lit government bunker...

        Nah, too low tech for an American trick. An American attack would try to release the magic smoke from something.

        Or at least run the printers out of toner...

  3. Anonymous Coward
    Anonymous Coward

    South K's problem is that they still rely on Active X controls & IE6/7 for just about any online transactions. For example... http://www.techdirt.com/articles/20120507/12295718818/south-korea-still-paying-price-embracing-internet-explorer-decade-ago.shtml

  4. tony trolle
    Unhappy

    what about the ssh keys ? lol

    this crafted malware also used stored ssh keys on infected windows systems to login to AIS, HP-UX, and Solaris servers and try and wipe the MBR. If it was unable to wipe the MBR, it deleted the folders /kernel/, /usr/, /etc/, /home/.

    1. Wzrd1

      Re: what about the ssh keys ? lol

      What happened to segregation of duties and least privilege?

      1. gollux
        Mushroom

        Re: what about the ssh keys ? lol

        It gets in the way of Agility, Extreme Programming, BYOD and whatever other latest Management Fad that hits the fan.

  5. gollux
    Mushroom

    We are truly fortunate...

    It is with greatest humility and admiration that we find our patch systems to be highly useful at doing much more than just making our computers run slower and inevitably need to be replaced as they start crashing from the continuous stream of CYA patch code.

    Our computers become ever more needful of having multi-core systems with appreciable memory to run security software in the hopes that at least 5% of their processing power be left for doing other mundane activities, usually the tasks for which we purchased them in the first place despite the reality that the systems are probably already secretly compromised despite the 95% devotion of processing power for the prevention thereof.

    Let the patches freely flow!

  6. No Piracy
    Alert

    Malware can be the result of using pirated software. Is your company using unlicensed software? Unfriend your boss. Report software piracy now.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019