By Kim Tong-hyung
The malware responsible for the recent attacks on Korean websites has begun to damage the computers it successfully infected, the government announced Sunday.
This was of no surprise to scores of users who switched on their personal computers (PCs) on Saturday to find their data gone.
The website of Cheong Wa Dae and other major online destinations came under a series of distributed denial of service (DDoS) attacks last Friday, with the network of hijacked computers overloading the sites with data in an attempt to cripple them.
Although the cyber attack failed to meaningfully disrupt the functions of the websites, which were better prepared after enduring a massive DDoS in 2009 that crippled over 100,000 computers, the attackers appear to have saved their worst weapon for last. The malicious code responsible for spreading the assault apparently includes instructions to overwrite the hard drives of infected computers.
The state-run Korea Internet Security Agency (KISA) had expected the self-destruct orders to be activated four to seven days later. However, the authors of the worm obviously decided to destroy the compromised computers much sooner, leaving many users unprepared and with unbootable machines on Saturday and Sunday.
``This is pathetic,’’ said Jean Seo, a 34-year-old office worker, now left with a wiped-out LG Electronics laptop.
``I wasn’t the only person who brought a malfunctioning computer to an LG Electronics repair shop in my neighborhood on Saturday. But when I called KISA, they kept denying that my computer was damaged by a DDoS attack since the self-destruct orders were supposed to be activated after four to seven days, and they even refused to take my case. Now, with hard drives popping up here and there, they pretend as if the new order was detected on Sunday morning, which is ludicrous.’’
It’s imperative that users update or install anti-virus software on their computers, according to security firm, Ahn Lab.
Those who haven’t used their computers in the past few days are encouraged to boot their computers in safe mode first.
Free vaccines can be downloaded from the websites of security firms like Ahn Lab (www.ahnlab.com) and Bohonara (www.bohonara.or.kr).
A DDoS attack occurs when multiple systems are flooded with traffic that overwhelms their bandwidth or resources.
The malicious software used in the recent attacks was mostly "botnets," or software robots that run autonomously to initiate the DDoS attacks. The botnets compromise the infected computers and are manipulated by the command and control system set up by the hackers.
Since Friday, KISA has blocked around 730 Internet protocol addresses suspected of being used in the recent DDoS attacks.