Amid a new wave of attacks hitting government and media networks in South Korea, researchers have uncovered yet another piece of malware that destroys sensitive hard drive data and renders computers unusable.
Trojan.Korhigh, as the new wiper program is called by security firm Symantec, contains the same kind of functionality that simultaneously shut down the networks of a half-dozen banks and broadcasters in March. Like the earlier Jojka malware, Korhigh can permanently destroy stored data and overwrite a hard drive's master boot record, which contains information required for computers to reboot.
Korhigh accepts several commands that allow attackers to inflict additional damage. One "switch" changes passwords on compromised computers to "highanon2013" according to a blog post published Thursday by Symantec. Another wipes specific types of files, including those that end in .gif, .php, .dll, and 21 other extensions. Korhigh's discovery on Thursday came a day after Symantec researchers said they had identified the hacking group responsible for the March attacks. The newly identified DarkSeoul group is also responsible for a new wave of attacks that hit South Korea on Tuesday and were timed to coincide with the 63rd anniversary of the state of the Korean War.