North Korean hackers are targeting South Korean Internet users with emails that purport to be updates on the MERS (Middle East Respitory Syndrome) virus, according to broadcaster KBS. [Update: See below]
A major outbreak of MERS has killed at least 14 people in the country, sickened 138 people and has close to 4,000 people in isolation so interest in the issue is high.
On Friday, KBS said a trojan virus in the emails had been traced back to North Korea.The broadcaster showed video of the email being opened and a Microsoft Word file being downloaded. That file contained the Swrort trojan virus, according to Symantec.
The file name, translated from Korean, is “MERS_List of hospital and infected patient.docx.exe.”
The virus dates back to 2010 and “can give a malicious hacker access to your PC to download other malware,” according to Microsoft. It’s relatively easily stopped by any modern anti-virus scanner.
Communications from the malicious software was traced back to a North Korean Internet address: 188.8.131.52. The address is one of 1,024 registered and controlled by the country.
North Korea has been accused of carrying out hacking attacks on businesses in South Korea and the U.S. and typically, when it’s accused by name, the evidence comes in the form of an IP address that hacking software reports back to.
But Symantec, which didn’t name North Korea, said it found that “the remote host which the malware is configured to connect to is not responding,” which raises questions about its effectiveness or whether the address is something left over from a previous campaign.
Earlier this week, the South Korean government lent the North thermal scanners for use at the Kaesong Industrial Zone that houses South Korean factories just inside the North Korean border. The scanners will help detect if anyone coming into the industrial park is running a fever and so could be infected with MERS.
On Saturday, a day after the KBS report aired, North Korea angrily reacted to its contents.
In a statement carried by the state-run Korea Central News Agency and attributed to its Committee for Peaceful Reunification of Korea, the country called the claims “another base conspiratorial racket” and the report “another hideous reckless provocation against the DPRK.”