Tuesday, July 14, 2009

Article: "SKorean police: Hackers extracted data in attacks"

The link: http://apnews.myway.com/article/20090714/D99E3AB80.html

"SEOUL, South Korea (AP) - Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday."

Lists of files, not the files themselves. This is getting more and more worrisome. At this point, I have to wonder if they've found the virus' entire payload. Suppose it used a zero-day exploit to install something else?

I can easily imagine why somebody would want lists of files: you never know what you'll find on a computer.

"The finding means that hackers not only used affected computers for Web attacks, but also attempted to steal information from them. That adds to concern that contaminated computers were ordered to damage their own hard disks or files after the Web assaults."

This is going to sound strange, but it actually makes sense. After all, IP logs only go so far in determining where the infection came from. At some point in the investigation, you'd need physical access to one of the contaminated computers in order to examine it forensically. This, obviously, becomes much harder if the hard disk has been damaged.

At this point, I know that somebody's going to say "Just turn on Windows Update, the Windows Firewall, another firewall and a good anti-virus program and you're set."

Well ... no. Granted, that will deter a number of people. But if people are determined enough to get into your computer, odds are they'll find a way to do it. And it might not be your computer that they're interested in ... it could be your IP address. Think of it. Somebody hijacks your computer and uses it to spray 250,000 junk emails. As far as anybody knows, it was you who did it.

Or when your machine gets compromised, it attempts to install malicious code onto other people's computers. Again, the villain walks away. As far as anybody knows, it was you. It will take somebody examining your drive to determine that your machine had been compromised.
