Trend Labs documents multiple and extensive cyber-attacks, including Government web sites

QUOTE: Our investigation of the June 25 South Korea incident led us to the compromise of an auto-update mechanism attack scenario. As part of our continuous monitoring, we documented another scenario (presented in this blog entry) pertaining to a DDoS attack scenario launched at specific sites.  The recent attack against South Korean websites has revealed a certain similarity between this attack and the March 20 MBR Wiper incident: a time trigger.

Recall that the March 20 MBR wiper attack involved a malware that was set to wipe the MBR files of affected systems at specific times (triggers were set to either at or before 2PM on March 20, 2013, or 3PM or later on the same date. This trigger date is dependent on files downloaded from certain URLs that function, in effect, as commands that specify when the DDoS attack will occur. We also uncovered that the malware re-checks the trigger time to re-execute the DDoS component every 24 hours for 3 days to possibly ensure that the DDoS attack occurs for a specific duration of time.