AOH :: ISNQ5178.HTM

Cyber Attack Code Starts Killing Infected PCs




Cyber Attack Code Starts Killing Infected PCs
Cyber Attack Code Starts Killing Infected PCs



http://www.informationweek.com/news/showArticle.jhtml?articleID=218401559 

By Thomas Claburn
InformationWeek
July 10, 2009

The botnet-driven cyber attack on government, financial, and media sites 
in the U.S and South Korea includes a newly discovered danger: The 
malicious code responsible for driving the distributed denial of service 
attack, known as W32.Dozer, is designed to delete data on infected 
computers and to prevent the computers from being rebooted.

"Your machine is completely hosed at this stage," said Vincent Weafer, 
VP at Symantec Security Response.

The malicious code includes instructions to start deleting files when 
the infected computer's internal clock reaches July 10, 2009. That's 
today.

According to Weafer, the malicious code will attempt to locate files 
with any of more than 30 different extensions, such as .doc, .pdf, and 
.xls, copy the data to an encrypted file that's inaccessible to the 
user, and then overwrite the data in the original files. It targets 
files associated with office, business, and development applications.

The malicious code is also programmed to modify infected computers' 
Master Boot Records. The change renders computers inoperable following 
any attempt to reboot.

[...]


_______________________________________________      
Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods