I've been seeing these articles about the Korean MBR wiper malware everywhere. Typical of these articles in this one on Wired, which states:
Contained within that file was a hex string (4DAD4678) indicating the date and time the attack was to begin—March 20, 2013 at 2pm local time (2013-3-20 14:00:00).
My problem: 0x4DAD4678 equals 1303201400 decimal. That value gives me a date of :
Tue, 19 Apr 2011 04:23:20
Which is the date Skynet went online.
Nice touch. I like that. No coincidence there.
For "March 20, 2013 2pm KST" (assuming Korean Standard Time is "local time" in Korea), I get a decimal value of 1363755600 or 0x51494250 hex.
All these articles make the same claim.
Am I doing it wrong?
