South Korea: Interested in Preventing Zombies, or just Spying?

South Korea has introduced the "Zombie PC Prevention Bill" in the interest of "promoting the use and propagation of security software". But is that all they want to do? Some are concerned that since the government would designate which security software is allowed, there might be an additional motive.

The bill also allows Korean Communications Commission agents to "examine the details of the business, records, documents and others" without a warrant. There would only need to be a suspicion that the individual or company has "violated the duty to use security software". So the government could pretty much get access to the information of any company or individual it wishes, only claiming that the person or company did not use the mandated software.

According to techdirt, around the same time that the goverment started pushing the Zombie PC Prevention Bill, a hard-drive destroying malware appeared. But the malware does not act in a way that makes much sense for creating zombie PCs. According to the Korean site Open Web, "To launch a DDoS attack, the attacker must amass a large number of zombie PCs. The attacker would have to put in some effort at this stage of the process. This is because it is not always easy to disseminate botnets (malware) without getting caught. It is a particularly risky stage of the operation. Once a herd of infected PCs have been obtained, it is important to maintain them."

But that would require keeping the malware under the radar so that the user doesn't know that the computer is infected. If they do, they will run anti-virus software, and remove the malware. But this latest malware damages the boot sector of the infected PC, and "act of killing the "troops" which he/she took pains to recruit." So the speculation is that the government has released this malware in order to win more people over to the new law. This is just speculation, but it is worrisome. And it is also troubling to have a government mandating what software people can put on their computers. Something to keep an eye on.

[via techdirt]