Experts finger disk-wiping badness used in S Korea megahack

http://www.theregister.co.uk/2013/03/22/sk_megahack/

"Antivirus firms have identified the main malware behind a major internet attack that hit corporate computer networks in South Korea on Wednesday afternoon. However the source and motives behind the attack remain a mystery. Researchers have dubbed it DarkSeoul.

Computer networks at three South Korean TV stations and at least two major banks - Shinhan and NongHyup - were crippled by data-wiping malware. Internet banking and ATM services at Shinhan Bank were reportedly affected by the surprise assault. Broadcasters KBS, MBC and YTN remained able to stick to their programming schedule despite being left with many hobbled PCs.

Screenshots of affected machines posted on Twitter show machines that failed to boot up properly.

At around the same time the website of Korean network provider LG U+ was defaced by the "Whois Team." The defacement featured a picture of three skulls together with alongside a taunting message that stated "User Accounts and All Data are in Our Hands. Unfortunately, We have deleted Your Data. We'll be back Soon."

LG U+ provided internet services for at least some of the firms involved and may have been a conduit in the attack.

The malware at the centre of the attack, dubbed DarkSeoul by Sophos and Jokra Trojan by Symantec, is not particularly sophisticated. "Sophos products have been able to detect the malware for nearly a year, and the various commands embedded in the malicious code have not been obfuscated," the antivirus firm reports..."