Monday, 13 July 2009

Cyber Attack Code kills infected PCs

The botnet-driven cyber attack on government, financial, and media sites in the U.S. and South Korea includes a newly discovered danger: the malicious code responsible for driving the distributed denial of service attack, known as W32.Dozer, is designed to delete data on infected computers and to prevent the computers from being rebooted, a shocking revelation made today by Network Computing.

The malicious code includes instructions to start deleting files when the infected computer's internal clock reaches July 10, 2009. "Your machine is completely hosed at this stage," said Vincent Weafer, VP at Symantec Security Response.

According to Weafer, the malicious code will attempt to locate files with any of more than 30 different extensions, such as .doc, .pdf, and .xls, copy the data to an encrypted file that's inaccessible to the user, and then overwrite the data in the original files. It targets files associated with office, business, and development applications. The malicious code is also programmed to modify infected computers' Master Boot Records. The change renders computers inoperable following any attempt to reboot.

The impact of this self-destruct sequence should be minimal, however. Weafer said that he expects only a few thousand machines will be damaged. "I don't expect this to be a major issue, except perhaps in South Korea," he said.

The South Korean Intelligence Service estimated that about 20,000 compromised computers, mostly in South Korea, had been ordered to conduct a Distributed Denial of Service (DDoS) attack on U.S. and South Korean sites. Given the timing, which coincided with a North Korean missile test, suspicions have been raised about the involvement of hackers in North Korea or possibly China.
