South Korea Attacks Spread by Hacked Antivirus Updates


Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10660
South Korea Attacks Spread by Hacked Antivirus Updates
« on: March 25, 2013, 07:02:09 AM »

Fake update file wiped drives.

Hackers broke into anti-virus vendors to distribute malware used to wipe data across computers used by high profile South Korean organisations, researchers found.

Fortinet labs senior manager Guillaume Lovet said hackers first stole administrator login information from security vendors' patch management server.

“With the login information, the hackers created malware on the patch management server that masqueraded as a normal signature update file,” Lovet said.


http://www.scmagazine.com.au/News/337617,south-korea-attacks-spread-by-hacked-antivirus-updates.aspx

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: South Korea Attacks Spread by Hacked Antivirus Updates
« Reply #1 on: March 25, 2013, 01:10:10 PM »
This definitely feels like a government-based attack. Normally speaking, malware developers are operating for profit. Killing the host machine stops the profit.
Very scary that they could plant the virus in the AV update server. One would think that AV companies would have better security.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte