Highly Dangerous 'Jokra' The Reason For S.Korea Attack: Symantec

The malware behind the attacks is capable of damaging systems on multiple platforms.     The recent security attacks against South Korea have generated wide interest among security brands across the globe. They are reportedly finding components of unknown entity in the code that have been designed to destroy the computers. Symantec, the renowned security solution provider has discovered a component inside the Windows malware that is generally known for erasing Linux machines only, as per Symantec's research. The malware, which it called Jokra, is unusual, Symantec said. "We do not normally see components that work on multiple operating systems, so it is interesting to discover that the attackers included a component to wipe Linux machines inside a Windows threat," the company said on its blog . Jokra as per Symanctec is highly dangerous for devices running Windows XP and 7 as it looks for a program called mRemote, which can be used to manage devices on different platforms. Apart from Symantec, another security major, McAfee has also voiced its opinion on the whole attack. It has talked about the impact of code written over computer's master boot record (MBR) which is essential for any operating system booting. A computer's MBR is overwritten with either one of two similar strings: "PRINCPES" or "PR!NCPES." The damage can be permanent, McAfee wrote. If the MBR is corrupted, the computer won't start. "The attack also overwrote random parts of the file system with the same strings, rendering several files unrecoverable, so even if the MBR is recovered, the files on disk will be compromised too," Jorge Arias and Guilherme Venere, analyst, McAfee were quoted as saying, the report added. The malware also attempts to shut down two South Korean antivirus products made by the companies, Ahnlab and Hauri. Another component, a BASH shell script, attempts to erase partitions Unix systems, including Linux and HP-UX. South Korea was hit by serious cyber attack on Wednesday that disrupted around three television stations and four banks in the country. Talking cautious step, the government has been told to handle the situation without blaming North Korea.