Saturday, July 11, 2009

Botnet Worm in DOS Wipes Data

Cnet News: The denial-of-service attacks against Web sites in the U.S. and South Korea that started last weekend may have stopped for now, but code on the infected bots was set to wipe data on Friday, security experts said.

There were no immediate reports of any of the compromised PCs in the botnet having files deleted, but that doesn't mean it wasn't happening or won't in the future, said Gerry Egan, a product manager in Symantec's Security Technology Response group. (Click here for Larry Magid's related podcast with Symantec expert.)

There are only about 50,000 infected PCs around the world being used in the attacks, which is relatively small compared to the millions that were infected with Conficker, he said. The attacks started over the July 4 weekend launching distributed DOS attacks on dozens of government and commercial sites in the U.S. and South Korea. The attacks, which resurged during the week at least twice, affected sites including the White House, the Federal Trade Commission, the Secret Service, and The Washington Post.

One of the files dropped on infected PCs is programmed to wipe out files on the PC, including a master boot record, which will render the system inoperable when the PC is rebooted, Symantec said. "Basically, your system is in trouble if this execut

[brb, reformatting]

No comments:

Post a Comment