New disk wiper malware linked to attacks in South Korea, researchers say

The malware is similar to the one used against South Korean banks and TV broadcasters in March, Symantec researchers said

A new piece of malware designed to delete files from hard disk drives and render computers unable to boot targets South Korean users, according to researchers from security firm Symantec.

The malware is similar to the Jokra Trojan program that was used in March to wipe the hard drives of computers belonging to several banks and TV broadcasters in South Korea, leading to significant disruptions of their operations.

The attack in March was attributed by security experts to a hacker gang called "DarkSeoul" that's also believed to be responsible for the distributed denial-of-service attacks from Tuesday against South Korean websites, including that of South Korean President Park Guen-hye.

The new hard-drive wiper malware is called Trojan.Korhigh and was found by Symantec researchers during their investigations into cyberattacks in South Korea. "Trojan.Korhigh has the functionality to systematically delete files and overwrite the Master Boot Record (MBR) on the compromised computer, rendering it unusable," the Symantec researchers said Thursday in a blog post.

The Master Boot Record (MBR) resides at the beginning of a storage drive and contains information about how that drive is partitioned. It also includes boot code that runs before the operating system starts. If the MBR is missing, a computer will no longer be able to load the operating system.

In addition to overwriting the MBR on compromised computers, the Korhigh Trojan program can also wipe files with specific extensions, including executable files, libraries, Web pages, videos and images.

The malware can also be instructed to change the user passwords on the infected computers to highanon2013 and to replace the desktop wallpaper with an image that mentions a group called High Anonymous.

Korhigh gathers information such as the operating system version, the computer's name and the current date from infected computers and uploads the data to remote servers, the Symantec researchers said.

South Korean officials frequently blame North Korean hackers for cyberattacks against local organizations and websites. However, there is also technical evidence linking some computer attacks in South Korea to Chinese-speaking hacker groups.

Earlier this week, researchers from Israeli security firm Seculert reported that a piece of malware called PinkStats has been used by Chinese hackers to compromise over 1,000 computers belonging to dozens of organizations in South Korea, including many educational institutions.

The identities of the attackers behind the Korhigh Trojan program cannot be confirmed, the Symantec researchers said, noting that their investigation of the threat continues.

Tags symantecsecuritySeculertmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?