In the anti-virus company Symantec today said they analyzed the code used during yesterday’s cyber attack on South Korean bank and TV servers.
The company came to the conclusion that, for a massive attack used Windows-malware, which has in its composition module to remove the information including the Linux-machines. According to Symantec, the malware was named Jokra and is a rather unusual development.
“We are quite rare components of malicious programs that run on a set of operating systems at once, so the code in this regard is quite interesting. Interesting to see how attackers trying to hurt Linux-machines even when the code was originally created under Linux”, – is spoken in Symantec.
Inside Jokra also have components test version of Windows using the program mRemote, which places the modules for remote control of different platforms.
According to official data, South Korea is now investigating the next attack. It is known that within it hit four banks and a number of local TV stations. Today, representatives of South Korea said that a cyber attack was carried out with the Chinese IP-addresses. Some time ago, the Korean telecom regulator said that hackers used a Chinese IP-addresses and to attack with the aim of placing malicious code on Korean computers. They also state that have not yet completed the investigation and continue to search for the final attack organizers.
Recall that in 2009, South Korea has repeatedly said on cyber attacks against her, but so far Seoul always accused North Korea of their organization.
“Unidentified Chinese hackers used IP-addresses to communicate with servers Korean organizations and the arrangement of the malware. At this stage, we continue to make efforts to establish the source of the attacks. While we do not make any conclusions, but at the same time, nothing not rule out “- has twisted the head of Korean telecom regulator Pak Jae-moon.
McAfee anti-virus company today also published the details of your inquiry.