Trojan update fingered for massive South Korean breach

Software company ESTsoft was responsible for a massive compromise of some 35 million South Koreans last month after it pushed out malware to some of the country’s largest web companies.

Unidentified hackers uploaded malware to an EFTsoft server through a common, vulnerable DLL module that the company used to send updates to its 25 million subscribers.

The malware and was subsequently uploaded to websites owned by SK Communications, including social networking site Cyworld.

Public notice

South Korea’s National Police Agency pinned the breach on the software provider, which operates popular anti-virus product AIYak.

An advisory issued by ESTsoft said hackers had uploaded a backdoor trojan dubbed SOGU, rated as highly dangerous by Trend Micro.

The software company had pushed out a patch and said it was working with South Korean law enforcement to investigate the breach.

A customer backlash had already begun. The Korea JoonGang Daily reported that the country’s biggest web portal NHN ordered that ESTsoft programs be deleted.

Other internet and web services providers said they were on the lookout for breaches.

The National Police Agency said it was unknown if the compromise also affected consumers using the anti-virus program.

If so, it could dramatically increase the number of people compromised in the attack by tens of millions.

The Malaysian News Agency reported that a South Korean man had filed damages against SK Communications for $2700 in compensation for the breach of his personal information.