McAfee: South Korean banks attack was motivated by destruction

March 24, 2013

Security vendor McAfee has published its findings on the malware used to attack six banks and broadcasters in Korea, saying the Internet-borne code overwrote the master boot record, the data read in the first stage of bringing up the full operating system, on hard drives in the affected organizations. The American computer security company's analysis shows that last week's attack on banks and media organizations in South Korea featured destructive malware that overwrote data on thousands of computer hard drives. The company also detailed how the malware overwrote random parts of the entire file system on the drives, leaving many files unrecoverable.

The report shows how the attackers made sure the malware could carry on its destructive activities: it contained code to turn off two Korean antivirus programs, AhnLab and Hauri. Once the overwriting of the boot record and files had completed, the malware forcibly rebooted the computers, which were then unable to start up again because the hard drives were corrupt. McAfee says there was no network component to the malware, which appears to have been planted with the sole purpose of destroying data. Some 32,000 computers were infected by the large-scale attack in South Korea. The perpetrator of the attack is not yet known.

 

Contador Harrison