Stewart said he tested the self-destruct Trojan in his lab and found that it indeed erases the hard drive on the compromised system. For now, however, the Mydoom component isn't triggering that feature.
"One possibility is there's a bug in the code and it's supposed to run but it doesn't," Stewart said. "Or, there may be a time factor involved, where it's not supposed to erase the hard drive until a certain time."
As for possible origins, there were only hints. One researcher, Joe Stewart, of Secureworks’ Counter Threat Unit in Atlanta, said the attacking software contained the text string “get/China/DNS,” with DNS referring to China’s Internet routing system. He said that it appeared that the data generated by the attacking program was based on a Korean-language browser.
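According to the reporter, Joe Stewart (SecureWorks) (Score: 5, Informative)
From the Security Fix article linked in the submission,
a Trojan that erases data by overwriting it with garbage has been found, but for now the Mydoom component is not the trigger for that feature.
Also, via Secureworks News, there is this in Cyberattacks Jam Government and Commercial Web Sites in U.S. and South Korea [nytimes.com].
Moderators are basically useless, so I don't let it bother me.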