Cyber warfare: North Korea launches attack on US and South Korea

9 Jul 2009

North Korea is believed to be the culprit behind massive distributed denial-of-service attacks on multiple US and South Korean government, financial and media websites.

According to Symantec, a portion of the attack is being carried out by a piece of malware identified as w32.dozer and variants of the MyDoom worm that are infecting computers globally.

The attacks seem to be the most serious since 2003 when North Korea launched the Slammer worm.

Intelligence agencies in South Korea have been loathe to name North Korea as the perpetrator of the attacks, instead saying that “a State” is behind the attacks.

“Initially, it was reported that the attack leveraged more than 50,000 computers. The size of the botnet used for this DDoS is only a fraction of the one that is still being created by Downadup/Conficker, which was estimated at a few million machines at its peak.

“If the system is infected, the user may not experience any performance slowdown; however, users trying to visit the impacted sites may experience significant slowdown and inability to access the sites,” Symantec said this morning.

The cyber attack is understood to have disabled the websites of the Department of Homeland Security, the Secret Service, the Federal Trade Commission, the New York Stock Exchange and the Washington Post.

The attacks first began on Saturday 4 July, Independence Day in the US, but only became public in the past 24 hours.

By John Kennedy