
More Insights on the Recent Korean Cyber Attacks (Trojan.Hastati)


It is interesting to see how this malware attack in Korea focuses on wiping and destruction rather than information or data stealing. This attack is as much a cyber rampage as it is a cyber attack. In the past, attackers resorted to DDoS to take out a nation’s infrastructure, such as the 2007 attack in Estonia or the 2012 attack on American banks by a group claiming to be Iranian hacktivists.

The malware attack not only corrupts the master boot record (MBR), but also deletes the disk contents through direct access to \\.\PhysicalDrive, thus rendering the computer useless.

Additionally, the malware is time-based: it was set to launch at a specific time, "14:00-20-Mar-2013". The malware would then check for a Windows version and launch a thread, which writes directly to the hard disk, thereby corrupting the MBR. Finally, it had evasion capabilities. The malware also checked for AhnLab anti-virus, a Korean product, and disabled it. This indicates that the attackers were explicitly targeting Korea. FireEye detects these malware attacks as Trojan.Hastati.
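For responders triaging machines after this kind of MBR corruption, the following added example (not code from the FireEye post) classifies a raw 512-byte copy of sector 0 as intact, suspicious or wiped. The sample sectors, the fill pattern `WIPED!!` and the verdict rules are constructed assumptions for illustration.

```python
import struct

SECTOR = 512

def repeating_period(data, max_period=64):
    """Smallest p <= max_period with data[i] == data[i - p] throughout, else 0."""
    for p in range(1, max_period + 1):
        if data[p:] == data[:-p]:
            return p
    return 0

def triage_mbr(sector):
    """Return (verdict, findings) for a raw copy of disk sector 0."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    findings = []
    signature_ok = sector[510:512] == b"\x55\xaa"   # boot signature
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    used = 0
    for i in range(4):                              # partition table at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        if entry == bytes(16):
            continue
        used += 1
        status, ptype = entry[0], entry[4]
        _start, count = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80) or ptype == 0 or count == 0:
            findings.append(f"partition entry {i} is malformed")
    if used == 0:
        findings.append("partition table is empty")
    period = repeating_period(sector)               # fill patterns repeat; boot code does not
    if period:
        findings.append(f"sector is a {period}-byte pattern repeated")
    if not findings:
        return "intact", findings
    wiped = period or (used == 0 and not signature_ok)
    return ("wiped" if wiped else "suspicious"), findings

def sample_mbr():
    """Constructed healthy sector: filler boot code, one NTFS-type entry, signature."""
    boot = bytes((i * 7) % 251 for i in range(446))
    part = bytes([0x80, 0, 2, 0, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 1_000_000)
    return boot + part + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    overwritten = (b"WIPED!!" * 74)[:SECTOR]        # constructed fill pattern
    for name, img in [("healthy", sample_mbr()), ("overwritten", overwritten)]:
        print(name, *triage_mbr(img))
```

Feed it the first 512 bytes of a forensic image or a write-blocked device; a "suspicious" verdict means the sector needs manual review rather than proof of tampering.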

Read more: http://www.fireeye.com/blog/botnet-activities-outbreaks/2013/03/more-insights-on-the-recent-korean-cyber-attacks-trojan-hastati.html
