Friday, March 22, 2013

South Korea Cyber Attack, Wiper malware and Chinese IP Address

Yesterday we reported on a massive cyber attack on South Korea that shut down the networks of South Korean banks and TV broadcasters. Police are still investigating the attack, but the country's Communications Commission has revealed that the hacking originated from a Chinese IP address...

Symantec's security team analyzed the code used in the cyber attacks against South Korea and discovered an additional component that is capable of wiping Linux machines.

The malware, which it called Jokra, contains a module for wiping remote Linux machines. 'The included module checks Windows 7 and Windows XP computers for an application called mRemote, an open source, multi-protocol remote connections manager,' Symantec said.

McAfee also published an analysis of the attack code, which overwrote a computer's master boot record (MBR), the first sector of the computer's hard drive, which the computer checks before the operating system is booted. If the MBR is corrupted, the computer won't start.

'The malware specifically looks for login credentials saved by two specific SSH clients: mRemote and SecureCRT. It uses any stored root credentials to log into remote Linux servers: for AIX, HP-UX, and Solaris servers it deletes the MBR. If it is unable to delete the MBR, it instead deletes various important folders.' Trend Micro said in their report.

The malware also attempts to shut down two South Korean antivirus products made by the companies AhnLab and Hauri.

The bash script is a wiper designed to work with any Linux distribution, with specific commands for SunOS, AIX, and HP-UX. It wipes out the /kernel, /usr, /etc, and /home directories.

A previous cyberattack on South Korea had been traced to North Korea using a Chinese IP address. At the time, North Korea blamed the US for the hacking. Officials stressed that the IP address did not reveal who was behind the attack, as hackers can route their attacks through addresses in other countries to obscure their identities.
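For responders triaging disk images after an MBR-overwriting attack like the one in the McAfee analysis above, the following added example (not code from the original post or from any of the vendors quoted) checks whether a 512-byte sector 0 still looks like a master boot record. The function names, the repeating-fill heuristic and both sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries start here
BOOT_SIG_OFFSET = 510     # a valid MBR ends with bytes 0x55 0xAA


def repeating_unit(data: bytes, max_len: int = 16) -> int:
    """Return the shortest period (1..max_len) that tiles data, or 0 if none."""
    for n in range(1, max_len + 1):
        if all(data[i] == data[i % n] for i in range(len(data))):
            return n
    return 0


def inspect_mbr(sector: bytes) -> dict:
    """Heuristically classify a sector 0 image as intact-looking or overwritten."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    signature_ok = sector[BOOT_SIG_OFFSET:] == b"\x55\xaa"
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        # Keep only plausible entries: known status byte, non-empty type and size.
        if ptype != 0 and sectors != 0 and status in (0x00, 0x80):
            partitions.append({"type": ptype, "lba_start": lba_start, "sectors": sectors})
    period = repeating_unit(sector)
    return {
        "signature_ok": signature_ok,
        "partitions": partitions,
        "fill_period": period,  # > 0 means the whole sector is one repeated pattern
        "overwritten": (not signature_ok) or period > 0 or not partitions,
    }


def sample_good_mbr() -> bytes:
    """Constructed sample: dummy boot code, one bootable type-0x83 partition."""
    boot_code = bytes((i * 7 + 3) % 256 for i in range(PART_TABLE_OFFSET))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x83, b"\xfe\xff\xff", 2048, 1_000_000)
    return boot_code + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    print(inspect_mbr(sample_good_mbr()))
    print(inspect_mbr(b"WIPED!!!" * 64))  # constructed overwritten sector
```

A disk that was never partitioned is also reported as overwritten, so compare the result against a known-good baseline for the host where one exists.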

