A couple of days ago, a massive cyber attack on South Korea was reported that shut down the networks of South Korean banks and TV broadcasters. Police are still investigating the cyber attack, but the country's Communications Commission has revealed that the hacking originated from a Chinese IP address.
Symantec's security team analyzed the code used in the cyber attacks against South Korea and discovered an additional component used in this attack that is capable of wiping Linux machines. The malware, which it called Jokra, contains a module for wiping remote Linux machines. "The included module checks Windows 7 and Windows XP computers for an application called mRemote, an open source, multi-protocol remote connections manager," Symantec said.
Researchers say that "The malware specifically looks for login credentials saved by two specific SSH clients: mRemote and SecureCRT. It uses any stored root credentials to log into remote Linux servers: for AIX, HP-UX, and Solaris servers it deletes the MBR. If it is unable to delete the MBR, it instead deletes various important folders." The malware also attempts to shut down two South Korean antivirus products made by the companies AhnLab and Hauri.