http://www.informationweek.com/news/showArticle.jhtml?articleID=218401559

By Thomas Claburn
InformationWeek
July 10, 2009

The botnet-driven cyber attack on government, financial, and media sites in the U.S. and South Korea includes a newly discovered danger: The malicious code responsible for driving the distributed denial of service attack, known as W32.Dozer, is designed to delete data on infected computers and to prevent the computers from being rebooted.

"Your machine is completely hosed at this stage," said Vincent Weafer, VP at Symantec Security Response.

The malicious code includes instructions to start deleting files when the infected computer's internal clock reaches July 10, 2009. That's today.

According to Weafer, the malicious code will attempt to locate files with any of more than 30 different extensions, such as .doc, .pdf, and .xls, copy the data to an encrypted file that's inaccessible to the user, and then overwrite the data in the original files. It targets files associated with office, business, and development applications.

The malicious code is also programmed to modify infected computers' Master Boot Records. The change renders computers inoperable following any attempt to reboot.

[...]

Received on Sun Jul 12 2009 - 23:06:53 PDT