100,000 PCs wiped as malware pulls “Kill OS” trigger

May 8, 2009
If ever there was a good reason to keep your computer spyware-free, this is it.  Last month a group of more than 100,000 Windows-based PCs saw their operating systems self-destruct, after the botnet that infected them issued the "nuclear option".  Little-used, though apparently present in several different types of trojan, the "kos" or "kill operating system" command basically wipes access to the user's system.

Use of such a feature is generally considered counterproductive to a botnet user's primary goal, which is to acquire as many passwords, credit card details and internet banking credentials as possible, without the computer's owner being aware.  Security experts are now debating why this recent botnet - which consisted of PCs primarily in Poland and Spain - self-destructed.

One theory is that it was done to delay individuals in discovering that their accounts had been compromised.  S21sec's Jozef Gegeny suggests that the self-destruct in effect "[takes] the victim away from [their] Internet connection - before the unwanted money transfer is realized and further actions could be taken."  Another possibility is user error: Roman Hüssy, who oversees botnet-tracker site Zeustracker, described the typical user of such a malware network as "not very skilled".

The "kos" command is confirmed to be present in the latest versions of the Zeus trojan.  For more details on the malware - which offers hackers access to the compromised computers for just $700 - check here.

[via Slashdot]
