By Thomas Claburn
July 10, 2009
The botnet-driven cyber attack on government, financial, and media sites
in the U.S. and South Korea includes a newly discovered danger: The
malicious code responsible for driving the distributed denial of service
attack, known as W32.Dozer, is designed to delete data on infected
computers and to prevent the computers from being rebooted.
"Your machine is completely hosed at this stage," said Vincent Weafer,
VP at Symantec Security Response.
The malicious code includes instructions to start deleting files when
the infected computer's internal clock reaches July 10, 2009. That's
According to Weafer, the malicious code will attempt to locate files
with any of more than 30 different extensions, such as .doc, .pdf, and
.xls, copy the data to an encrypted file that's inaccessible to the
user, and then overwrite the data in the original files. It targets
files associated with office, business, and development applications.
The malicious code is also programmed to modify infected computers'
Master Boot Records. The change renders computers inoperable following
any attempt to reboot.