Earlier this week, we reported a series of attacks on key South Korean and U.S. government servers that took some of them offline. The attacks are still under investigation, but a blog post on the Washington Post’s website suggests that the botnet being used to deliver the DDoS (distributed denial of service) attack could self destruct.
An attack bot of this nature works by first infecting vulnerable computers around the world. The computer user is unaware of its presence and continues going about his business. Meanwhile, the bot uses that person’s computer to attack another, usually a server. With the coordinated effort of possibly thousands or even millions of computers, it easily disrupts service of the server or multiple servers. With some botnets, after the task is completed, they wipe the person’s hard drive.
According to security expert Joe Stewart, director of malware research at SecureWorks, this particular form of malware is a version of the Mydoom worm, includes a Trojan horse program that will overwrite all of the data on a victim’s hard drive. Microsoft Windows PCs are vulnerable to this attack, and experts believe that between 60,000 to 100,000 PCs may have been infected with the malware. South Korean government officials have also warned their citizens about this danger, saying that at least 20,000 PCs in South Korea are infected.