Weapons in Cyber Attack on South Korea Killed Targeted PCs
The cyber attack that rocked South Korean TV stations and banks yesterday apparently wiped out the hard drives of the affected computers, according to an analysis of the incident by McAfee.
The involved malware infections destroyed the master boot record of the hard drives of the machines attacked. The MBR on a hard drive contains crucial information on how file systems on the drive are organized. The malware involved overwrote data in the MBR with the following string of characters: “PRINCPES, PR!NCPES, HASTATI.” It also overwrote random parts of the file system with the same characters.
After that the system was given a forced reboot command, but because the MBR and file system had been corrupted, it was unable to restart, McAfee said in a blog post today.
Meanwhile, Renesys, the research company that closely monitors the pulse of the Internet, watched the attacks take place, and noticed what appeared to be a smaller, secondary attack against the network in North Korea. “It is impossible to know from connectivity measurements alone whether these outages were the direct result of cyber attacks,” the firm wrote in a corporate blog post. “However, given the recent rhetoric between these two nations, it is hard not to see these as ominous developments on the Korean peninsula.”