Yesterday, Symantec published details about a new distributed denial-of-service (DDoS) attack carried out by a gang dubbed “DarkSeoul” against South Korean websites. We identified their previous attacks against South Korea, including the devastating Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and television broadcasters. As a result of our continued investigations into attacks against South Korea, we have come across a new threat—detected as Trojan.Korhigh—that attempts to perform a similar wiping action.
Similar to previous wipers encountered by Symantec in attacks against South Korea, Trojan.Korhigh has the functionality to systematically delete files and overwrite the Master Boot Record (MBR) on the compromised computer, rendering it unusable. The Trojan accepts several command line switches for added functionality, such as changing user passwords on compromised computers to “highanon2013” or executing specific wipe instructions related to the following file types:
asp
aspx
avi
bmp
dll
do
exe
flv
gif
htm
html
jpeg
jpg
jsp
mp4
mpeg
mpg
nms
ocx
php
php3
png
sys
wmv
The Trojan may also change the computer wallpaper as an indication of compromise. At this time, we cannot confirm the identity of the attackers.
Figure. Trojan.Korhigh wallpaper
The threat may also attempt to gather system information about the compromised machine (operating system version, computer name, current date) which it sends to the following IP addresses:
112.217.190.218:8080
210.127.39.29:80
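As an added example (not part of the original post or any Symantec tooling), the following sketch hunts for the two endpoints above in outbound connection logs and groups hits by internal source host. The key=value log layout, the field names `src`, `dst` and `dport`, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Endpoints listed in the post as receiving system information from Trojan.Korhigh.
KORHIGH_ENDPOINTS = {("112.217.190.218", 8080), ("210.127.39.29", 80)}
KORHIGH_IPS = {ip for ip, _ in KORHIGH_ENDPOINTS}

# Assumed log layout (constructed for this example): space-separated key=value pairs.
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def classify(line):
    """Return (src, dst, dport, confidence) for a hit, or None otherwise."""
    fields = dict(FIELD_RE.findall(line))
    try:
        src, dst, dport = fields["src"], fields["dst"], int(fields["dport"])
    except (KeyError, ValueError):
        return None  # malformed line or non-numeric port: skip, do not crash
    if (dst, dport) in KORHIGH_ENDPOINTS:
        return src, dst, dport, "high"    # exact IP and port from the post
    if dst in KORHIGH_IPS:
        return src, dst, dport, "review"  # listed IP, but on a different port
    return None

def hunt(lines):
    """Group hits by internal source host so each machine is triaged once."""
    hits = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            src, dst, dport, confidence = hit
            hits[src].append((dst, dport, confidence))
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2013-06-26T09:14:02 action=allow src=10.1.4.23 dst=112.217.190.218 dport=8080 proto=tcp
2013-06-26T09:14:05 action=allow src=10.1.4.40 dst=198.51.100.7 dport=80 proto=tcp
2013-06-26T09:15:11 action=deny src=10.1.7.8 dst=210.127.39.29 dport=443 proto=tcp
2013-06-26T09:15:40 action=allow src=10.1.4.23 dst=210.127.39.29 dport=80 proto=tcp
2013-06-26T09:16:00 action=allow src=10.1.9.9 dst=210.127.39.29 dport=http proto=tcp
""".splitlines()

if __name__ == "__main__":
    for host, events in sorted(hunt(SAMPLE_LOG).items()):
        print(host, events)
```

Hosts with a "high" hit are candidates for isolation before the wipe routine runs; "review" hits touch a listed address on an unlisted port and need manual confirmation.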
Symantec is continuing its analysis of this threat and is monitoring ongoing attacks against South Korea. To ensure the best protection, Symantec recommends that you use the latest Symantec technologies and up-to-date antivirus definitions.
Contributor: Avdhoot Patil