[ISN] 'Hero Gye-Baek' Computer Mystery Solved, Hacker Jailed

From: InfoSec News (alerts@private)
Date: Tue Mar 06 2007 - 22:18:12 PST


Mar. 7, 2007

Last June the phrase "Hero Gye-baek" was the most popular topic searched 
for on several Korean Internet portals. But who was Hero Gye-baek? He 
wasn't in the news, nor was he a celebrity. In fact, almost nobody knew 
what the words meant. And yet at its height tallies showed 1.6 million 
Hero Gye-baek searches were being done every day, far more than the 
normal 500,000 mark for other popular search terms and they were coming 
from thousands of different computers. Eventually the police launched an 

On Tuesday, a person named Baek who operated business "T" was arrested 
in Yeouido for criminally triggering the searches. Baek, police say, had 
infected computers with a malicious code that told the machine to 
automatically search for "Hero Gye-baek" whenever somebody logged onto 
the Internet. Baek was testing if search lists could be manipulated with 
the code, and eventually his criminal acts were uncovered.

Baek had since April 2004 operated website "T" which provided television 
shows, movies, and radio. To access the service users had to download to 
their personal computers a program, but Baek's malicious code was hidden 
inside. The program changed Internet Explorer's start page to an 
advertisement site connected to an online shopping mall. Baek received a 
0.2 to 2 percent commission from the online mall whenever netizens with 
Baek's code made purchases. In three years, Baek raked in W560 million 
(US$1=W948) in commissions.

Meanwhile, infected users were unable to delete the program. Not only 
was there no automatic removal function, even if the original program 
was deleted the code could still manipulate the computer because it 
altered the machine's start-up system to prevent it being totally 
erased. More than a million personal computers were infected.

The Cyber Terror Response Center of the National Police Agency arrested 
Baek and two other programmers on Tuesday. A police official said, 
"Because the malicious code was hidden in a regular program, netizens 
were unable to find the cause of their computer problems." Police 
advised people to check their computers regularly with software from 
reliable companies.

Visit the InfoSec News Security Bookstore

This archive was generated by hypermail 2.1.3 : Tue Mar 06 2007 - 22:22:20 PST