June 18, 2018, 03:53:01 PM

Author Topic: "Malicious code" doing the rounds  (Read 5820 times)

Offline mikeymike

  • Newgookin
  • Posts: 4
  • Gender: Male
"Malicious code" doing the rounds
« on: March 07, 2011, 08:18:27 AM »
Hi all, there's apparently some nasty code going around messing with people's PC's here in South Korea. It apparently destroys files on the HDD :o

Government computers were being targeted a few days back but now there's a new variety doing the rounds affecting other South Korea computers.

Read the article at (http://www.todayonline.com/World/EDC110307-0000146/S-Korea-warns-computer-users-of-malicious-code-on-the-Internet)

Get the scanner at (http://www.ahnlab.com/kr/site/html/main/main.html) If you can't read Hangeul, look on the left of the screen - there is a rectangular blue box ,near the bottom is a little disk. Click on this to download the scanner :)

Offline Arsalan

  • Site Programmer
  • Hero of Waygookistan
  • *
  • Posts: 1816
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #1 on: March 07, 2011, 09:31:15 AM »
Hey Mike,

Thanks for that info, I think there are people with PCs here that will appreciate it.

Carpe PM... ZzzzzZzzz ZzzzZzzz.

Offline Paul

  • Featured Contributor
  • The Legend
  • ***
  • Posts: 2056
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #2 on: March 07, 2011, 01:50:34 PM »
Uhm, the real problem is in that link exactly. Ahnlab. 30% virus allowance rate, rated 3rd worst amongst something like 100 pieces of "functional" retail antivirus software. By comparison, Avast Home (free) and Microsoft Security Essentials (free) are ranked in the top five with allowance rates in the 0.1-0.2% range and few if any false positives. I'd suspect a lot of kickback money exchanges hands to ensure Mr Ahn keeps his government contract and media support (Korea's most trusted Korean 3 years running by one source).

Given that the Ahnlab rogueware itself blocks installation of any real software though, and cannot be removed, the link is muchly appreciated.
« Last Edit: March 07, 2011, 01:52:28 PM by Paul »
More primary school colours and shapes activity ideas and resources than you'd ever need - here
Holy free educational fonts Batman!

Offline rhafrika

  • Veteran
  • **
  • Posts: 94
  • Gender: Female
Re: "Malicious code" doing the rounds
« Reply #3 on: March 07, 2011, 01:59:09 PM »
I've heard of this too but my teacher gave me a different site to download something from: boho.or.kr  And if I read what you wrote correctly are you implying that the anti-virus software is part of the problem. So if I have anti-virus software from the States on my home computer I should be okay? I'm just worried since I just heard about it today at school so I haven't taken any steps to check my home computer yet.

Offline Paul

  • Featured Contributor
  • The Legend
  • ***
  • Posts: 2056
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #4 on: March 07, 2011, 02:09:12 PM »
Maybe, maybe not. I'd definitely trust anything over a company with a monopoly and no incentive to actually solve any problems any day. I love that they write off any viruses as being from "outside of Korea" or if found to have come from Korea then "North Korean". Sigh.

Also, how exactly does one attack a harddrive? How is this any different from just a normal bit of malicious code? My gut feeling is someone in the big blue V is full of s...cones. Delicious scones.
More primary school colours and shapes activity ideas and resources than you'd ever need - here
Holy free educational fonts Batman!

Offline girodimo

  • Adventurer
  • *
  • Posts: 36
  • Gender: Male
  • Middle School English Teacher
Re: "Malicious code" doing the rounds
« Reply #5 on: March 07, 2011, 02:15:26 PM »
Thanks for the recommendation Paul. I've used Malwarebytes for a year now. I like the simplicity of it, but I'll give your recommendations a try.

Off topic a little: is there a way to permanently disable Ahnlab autoscan. Do i need administrative privileges? I may have to talk to the computer guy here.

Offline Paul

  • Featured Contributor
  • The Legend
  • ***
  • Posts: 2056
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #6 on: March 07, 2011, 02:16:15 PM »
Also, the few times I did use my USB from my school computer to my home computer, it was loaded with malware simply from having been connected to the computers at school.

I regularly find it brushes over unwanted executables getting plonked on my USB, even after a manually initiated scan... executables with months to years old virus names actually in the filename. Like, quite literally a file that does what it says on the tin. Ctrl+F and an itchy delete key has actually proven more effective at neutralising threats at school. Despite this, the company claims it has a 100% success rate verified independently without a single false positive reading. Odd because all the independent tests I've read report nothing higher than 99.% with a small but real false positive rate. I hear Daiso sells fingerpuppets.
More primary school colours and shapes activity ideas and resources than you'd ever need - here
Holy free educational fonts Batman!

Offline rhafrika

  • Veteran
  • **
  • Posts: 94
  • Gender: Female
Re: "Malicious code" doing the rounds
« Reply #7 on: March 07, 2011, 02:22:46 PM »
So still a bit confused. I forget which anti virus software I have on my laptop. Something I got through Best Buy. I've had no problems so far. Should I trust the info my co-teacher gave me? haha and she did mention this might be an attack from North Korea. I had a hard time believing that. hahaha!

Offline Halcyon

  • Veteran
  • **
  • Posts: 111
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #8 on: March 07, 2011, 03:32:01 PM »
I have to agree with the comments about Ahnlab.  That program is absolutely ridiculous when it comes to the number of viruses that get past its defenses.  I used to have tons of problems with both of my computers at school.  I disabled Ahnlab and then installed Avast! on both.  After a boot-time scan and about 100+ viruses later, on each system, problems solved.

If you're not techie enough to deal with Ahnlab and install another anti-virus program such as Avast! or AVG, then well, I just feel sorry for you because of the issues you're inevitably going to encounter.  I would suggest just going ahead and installing another AV program even if you don't know how to or can't uninstall/disable Ahnlab but I'm not sure what kind of compatibility issues you might run into or if the install would get past Ahnlab's "functional" (*cough*) security measures...:/

Offline ariybird

  • Veteran
  • **
  • Posts: 114
  • Gender: Female
Re: "Malicious code" doing the rounds
« Reply #9 on: March 07, 2011, 03:52:08 PM »
Yeah- mostly AhnLab pops up at annoying times, refuses to leave, and provides very little protection to your computer. I took the advice of a colleague when i got here and NEVER take my USBs home. They are strictly for school use only. If I have to I'll email files from home to my school email (never the other way around), but I try hard not even to do that. Problems with infecting my home PC solved.
 
   Sorry to say, but if you are motivated in using pictures or other materials in class, you will probably end up with a virus at least once. I also use Malbytes AntiMalware coupled with Spybot Search and Destroy. Both are free and work pretty well. Both also require very little PC knowledge to install and maintain. (Although you may want to not install the teatimer option on Spybot. It can be overhelpful and frighten your Korean coteachers with accept/deny messages. There is an option when downloading. Just unclick the box.) Otherwise, it's worked really well for me.

Note: You might want to warn your Korean teacher before putting it on the main computer. However, your 'personal' work computer shouldn't be a problem. 
« Last Edit: March 07, 2011, 03:54:14 PM by ariybird »

Offline anichion

  • Veteran
  • **
  • Posts: 230
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #10 on: March 07, 2011, 07:55:04 PM »
Of course, a LOT of the vulnerabilities with Korean computers would be resolved almost overnight if people here would just upgrade from IE6.1. For god's sake people, USE A MODERN BROWSER! I can't understand people's attachment to the ratty thing, though my co-teachers have said that one issue is legacy software and some other non-school related crap. No wonder Korea gets hit by a lot of cyber attacks- so many computers on the network here are running obsolete software with sketchy protection!
*end rant*

Offline sweet_potato

  • Super Waygook
  • ***
  • Posts: 397
  • Gender: Female
Re: "Malicious code" doing the rounds
« Reply #11 on: March 08, 2011, 09:29:09 AM »
For a country so technologically advanced, it's quite sad to see how little people (Korean teachers) actually know. I literally witnessed one teacher show another how to "copy and paste" and she clapped with joy - she's like 30. Are you serious?

Likewise, my computer is littered with malware, and everytime I plug my usb into anything, my antivirus programs detect it. I tried to log into NH online banking at home using my own antivirus program (and not ahnlab) and it freaked out. The online banking website itself is pretty stupid too. Everytime I want to see my transaction history, my bank account is pre-selected on there, and when I click "go" it says "select bank account". So then I have to un-select it, click "go" again, it tells me again "select bank account", and then the third time it always works. What the hell???? My Canadian online banking loads up 100% accurately on every computer I've ever used, in any browser. .... sorry, rant.

But yes, the virus thing doesn't surprise me, it seems like the systems are very vulnerable.

Offline rhafrika

  • Veteran
  • **
  • Posts: 94
  • Gender: Female
Re: "Malicious code" doing the rounds
« Reply #12 on: March 08, 2011, 09:33:33 AM »
Of course, a LOT of the vulnerabilities with Korean computers would be resolved almost overnight if people here would just upgrade from IE6.1. For god's sake people, USE A MODERN BROWSER! I can't understand people's attachment to the ratty thing, though my co-teachers have said that one issue is legacy software and some other non-school related crap. No wonder Korea gets hit by a lot of cyber attacks- so many computers on the network here are running obsolete software with sketchy protection!
*end rant*

HAHAHAHA! Yes. I helped my co-teacher download chrome and she was in shock at how fast it is. I simply told her bluntly that Internet Explorer is very slow. She was surprised. And she frequently asks me to help her do the most basic things in powerpoint and she's not even old. It does surprise me considering the technologies that Korea spits out and how connected this country is. Also, I downloaded the "vaccine" that my co-teacher told me to for my home computer and my computer was unaffected. I suspect it was a bad antivirus program.

Offline pyeager

  • Fanatical Supporter!
  • Veteran
  • ***
  • Posts: 221
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #13 on: March 08, 2011, 09:35:19 AM »
I, too, have to strongly recommend against AhnLab products, at least whatever the V3 is. Besides being ineffective, it's nearly impossible to uninstall. I voluntarily put it on my machine awhile ago, realized it was way to slow, and getting it off was nearly impossible. There was something in the registry that made it download and reinstall itself! Steer clear.

Offline Arsalan

  • Site Programmer
  • Hero of Waygookistan
  • *
  • Posts: 1816
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #14 on: March 08, 2011, 09:42:04 AM »
I've never used Ahnlab, so I'll take everyone's word for it :)

I typically work on a mac, but on PCs I either have ESET nod32 with Malwarebyte both running.  They don't conflict as one targets general malwayre/spyware and ESET does work to stop viruses.

I've had great success with malwarebyte's anti-malware, a bunch of companies are trying to buy them out for their spyware scanning engine software, but I think they're holding off.  Good for them :)
Carpe PM... ZzzzzZzzz ZzzzZzzz.

Offline machoman

  • Veteran
  • **
  • Posts: 91
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #15 on: March 08, 2011, 10:25:43 AM »
i got the same notice about the malicious virus going around.  i did an ahnlab scan this morning.  after reading this thread, i downloaded avg and so far 2 trojans have appeared.  i read that avast is better, so i'm going to install that next.  thanks guys. 

Offline sweet_potato

  • Super Waygook
  • ***
  • Posts: 397
  • Gender: Female
Re: "Malicious code" doing the rounds
« Reply #16 on: March 08, 2011, 10:35:31 AM »
Of course, a LOT of the vulnerabilities with Korean computers would be resolved almost overnight if people here would just upgrade from IE6.1. For god's sake people, USE A MODERN BROWSER! I can't understand people's attachment to the ratty thing, though my co-teachers have said that one issue is legacy software and some other non-school related crap. No wonder Korea gets hit by a lot of cyber attacks- so many computers on the network here are running obsolete software with sketchy protection!
*end rant*

HAHAHAHA! Yes. I helped my co-teacher download chrome and she was in shock at how fast it is. I simply told her bluntly that Internet Explorer is very slow. She was surprised. And she frequently asks me to help her do the most basic things in powerpoint and she's not even old. It does surprise me considering the technologies that Korea spits out and how connected this country is. Also, I downloaded the "vaccine" that my co-teacher told me to for my home computer and my computer was unaffected. I suspect it was a bad antivirus program.

The issue is that Korean websites don't work on Chrome! This includes online banking :@

Offline Paul

  • Featured Contributor
  • The Legend
  • ***
  • Posts: 2056
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #17 on: March 08, 2011, 10:58:20 AM »
The thing with Internet Banking kinda changed late last year... kinda. Some legal requirements changed a little. Baby steps guys.

I get worried seeing people here continually downloading a private build of chrome with 1-click "IE tab functionality"* without the need to download an extension. For banking reasons. The build's not malware, but this software (not going to name it lest I promote it) is just maintained by two people and infrequently updated thus leaving it without the latest security patches...

NEWS:
Microsoft actually launched a campaign this week to stamp out IE6 usage the world over. No, seriously, the site is here:
http://ie6countdown.com/

Problem? The site is useless because it comes in the following choices of languages:
English (US)

And IE6 holdouts mostly are from:
Korea (South)
China

Still, please do your bit guys! SHOW this site to anyone English speaking in your school when they have a free moment, ask them to spread the word in Korean too. And show them Google Chrome or Firefox too. Things don't change because people don't complain, and people don't complain because they don't know any different. It's in everybody's best interests, not just Microsoft's. Presently, Korea's biggest defense against banking security breaches is the language barrier but if the country is intent on opening up to the world, that safety blanket might start wearing thin...

* Yes, that's right. There is an extension to Chrome that lets you open an "IE tab" that I presume just has the signature and page loading quirks of IE7 or something to fool browser specific sites.

Re: Avast! vs AVG. At risk of igniting a Holy War, I'm going to recommend Avast! out of the two for anyone setting up a new machine. I used to use AVG, but back in... I think 2008? they silently cut some sort of greyware scan or something from the free product, made that feature pay only. Hazy memory so you'd have to web search. Whether Avast! has that today or not is another matter, but it made me switch at the time and never look back. The real freebie debate nowadays is MSE vs Avast! I feel. For pay products, IT gurus at previous jobs recommended ESAT NOD32 and TrendMicro, and both ranked very highly on the independent report I read a while back.
« Last Edit: March 08, 2011, 11:09:21 AM by Paul »
More primary school colours and shapes activity ideas and resources than you'd ever need - here
Holy free educational fonts Batman!

Offline Paul

  • Featured Contributor
  • The Legend
  • ***
  • Posts: 2056
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #18 on: March 08, 2011, 11:22:20 AM »
For Korean work machines, I'd recommend Microsoft Security Essentials the highest. Why? Because its Microsoft and thus funded by OS sales, it will be free for the long haul. I doubt Avast! or AVG will be going under, but they do require an eye kept on them; specifically the annual free re subscription and new client install process which can get fiddly with permissions. Also, I know with 100% certainty that MSE comes in Korean as well as English.
More primary school colours and shapes activity ideas and resources than you'd ever need - here
Holy free educational fonts Batman!

Offline Paul

  • Featured Contributor
  • The Legend
  • ***
  • Posts: 2056
  • Gender: Male
Re: "Malicious code" doing the rounds
« Reply #19 on: March 08, 2011, 01:01:16 PM »
Undoubtedly, but you'd expect with the Kobaco anti-piracy campaign that public sector schools (which have regular Korean staff turnover, so info maintenance info can't be passed down so easily) wouldn't be resorting to piracy now, wouldn't you?
More primary school colours and shapes activity ideas and resources than you'd ever need - here
Holy free educational fonts Batman!