South Korea under cyber attack

South Korean officials are reporting that over 40 high profile websites from 29 institutions have fallen victim to a DDoS cyber attack. This sites include the National Assembly, the Cheong Wa Dae, Government departments, various military areas, the Korea-based US Forces and a number of major banks. This is similar to a 2009 attack focused against the Government only.

It is thought the cyber 'terrorists' inserted malware code into a number of peer-to-peer websites used in Korea, this led to up to 11,000 computers becoming part of a so called botnet. The foray caused websites to become overloaded with data and crash servers using a distributed denial-of-service (DDoS) attack. Even stock trading was effected, for a few minutes, bringing one system completely down as well as the Financial Services Commission website.

According to the National Police Agency, the South Korean Government has sent it's Cyber Investigation Unit to the two file sharing websites that are thought to have spread the malicious code. An official from the presidential office confirmed the attack quoting "There was a DDoS attack, but no damage was done".

This may increase tensions between the two Koreas after the 2009 attacks were blamed on the communist state, although this was never proved. AhnLab, the countries top IT company has released a free tool for users to remove any suspicious software. They also expected additional attacks to commence at 18:30 local time, there have been no reports to confirm this happened.

Image Credit: Yonhap

Report a problem with article
Previous Story

China Mobile Exec: Apple wants to release an LTE iPhone

Next Story

Patch Tuesday: March 2011 edition

32 Comments

Commenting is disabled on this article.

as if we didn't have enough **** to deal with in this world... now people are gonna fight each other on the internet too.

one would think north korea would lack the facilities/infrastructure to actually do a decent ddos. Probably wouldn't stop them from hiring one though maybe.

Digitalx said,
one would think north korea would lack the facilities/infrastructure to actually do a decent ddos. Probably wouldn't stop them from hiring one though maybe.

I think it's clear that the article states there was a botnet used to make the DDoS attack, which means a malware infected computers around South Korea to make the attack.

alessandroasm said,
A lot of ppl would be mad if blizzard's servers were attacked too...

That's probably what it would take for SK to finally invade .

alessandroasm said,
A lot of ppl would be mad if blizzard's servers were attacked too...

LMAO!!! OMG this one is so funny (and true too) !!! damn how to "like" this comment!

And what is antivirus companies doing in not catching the malware ???

South Koreans are pretty intelligent community, I dont think they are running pirated software and not using AVS !!!!

Choto Cheeta said,
And what is antivirus companies doing in not catching the malware ???

South Koreans are pretty intelligent community, I dont think they are running pirated software and not using AVS !!!!

Think about what you are writing for a second. How are people (antivirus companies) supposed to create a patch to remedy the infection without knowing how it works? You can't just expect a piece of code to heal everything on your computer. In that case why not create an antivirus that deletes viruses ahead of time? Come on.

Choto Cheeta said,
And what is antivirus companies doing in not catching the malware ???

South Koreans are pretty intelligent community, I dont think they are running pirated software and not using AVS !!!!

You do understand how antivirus programs work and why they have constant updates right? You can't catch malware if it's unknown, unless your antivirus program can travel into the future.

TRC said,

You do understand how antivirus programs work and why they have constant updates right? You can't catch malware if it's unknown, unless your antivirus program can travel into the future.

Obviously I dont understand, if I did, I would have been working for some major giant

But as a end user point a view, I thought there is something called "behavior based scanning" engines what modern security software relay more than signature based operation..

Clearly there must be something wrong when multiple installation detect similar rouge activity from a same software (later which can be tagged as malware)..

The problem is that the malware turns off the antivirus completely when you get infected so your little "behavior based scanning" is turned off as well.

So now the antivurs or OS or whatever has to be updated to fix the whole the malware used to infect you in the first place. Then you verify you can catch the malware doing its thing. "behavior based scanning" is far from perfect, never will come close.

It's a cat and mouse game and 99% of the time the mouse (the malware) is winning.

Choto Cheeta said,

Obviously I dont understand, if I did, I would have been working for some major giant

But as a end user point a view, I thought there is something called "behavior based scanning" engines what modern security software relay more than signature based operation..

Clearly there must be something wrong when multiple installation detect similar rouge activity from a same software (later which can be tagged as malware)..

The behavior based or heuristic scanning you're talking about isn't going to detect a small piece of code that occasionally checks for new commands but doesn't do anything else. That behavior is not suspicious. It's only a few kb of network traffic.

You mentioned multiple installations with the same activity but the problem with that is the separate installations don't talk to each other. At best you have some corporate suites that do a sort of application logging which can be aggregated and compared within the owning corp but publicly it's very different. A million different installs on a million different computers in a million different households will not talk to each other and compare notes.

Tim Dawg said,
The behavior based or heuristic scanning you're talking about isn't going to detect a small piece of code that occasionally checks for new commands but doesn't do anything else. That behavior is not suspicious. It's only a few kb of network traffic.

You mentioned multiple installations with the same activity but the problem with that is the separate installations don't talk to each other. At best you have some corporate suites that do a sort of application logging which can be aggregated and compared within the owning corp but publicly it's very different. A million different installs on a million different computers in a million different households will not talk to each other and compare notes.

I heard about Microsoft Forefront where multiple engine is used for single security product [], but i guess that's only a server and "cloud" based solution..

http://www.microsoft.com/forefront/en/us/default.aspx

Don't know if some how that concept would have been helpful here or not !!!!

I'm not much of an advocate of war, but if this is North Korea then for God's sake, just invade already and take Kim Jong-il out already. He's attacked several times, killing many people in the process and the living conditions the majority of the brainwashed North Koreans live under are atrocious.
Unlike the West's controvertial, mostly-unwanted war in Iraq, nobody (other than Maybe China) would condemn South Korea at all.

Kushan said,
I'm not much of an advocate of war, but if this is North Korea then for God's sake, just invade already and take Kim Jong-il out already. He's attacked several times, killing many people in the process and the living conditions the majority of the brainwashed North Koreans live under are atrocious.
Unlike the West's controvertial, mostly-unwanted war in Iraq, nobody (other than Maybe China) would condemn South Korea at all.

It's obvious you are not an advocate of war because you don't know how this **** goes. If it were so easy to invade a country nowadays the order of our world would be entirely and completely different.

And you are wrong, South Korea would be condemned, after all you are not only invading a government's country but its people as well. Military people are a different kind, sometimes not respecting human rights at all.

Kushan said,
I'm not much of an advocate of war, but if this is North Korea then for God's sake, just invade already and take Kim Jong-il out already. He's attacked several times, killing many people in the process and the living conditions the majority of the brainwashed North Koreans live under are atrocious.
Unlike the West's controvertial, mostly-unwanted war in Iraq, nobody (other than Maybe China) would condemn South Korea at all.

+1000000000000000000000000000000000000000000000000000000

Rodrigo said,

It's obvious you are not an advocate of war because you don't know how this **** goes. If it were so easy to invade a country nowadays the order of our world would be entirely and completely different.

And you are wrong, South Korea would be condemned, after all you are not only invading a government's country but its people as well. Military people are a different kind, sometimes not respecting human rights at all.


Haaaaaaaa!, the voice of reason, or not.

Pam14160 said,
Haaaaaaaa!, the voice of reason, or not.

To be fair he has a point, if anyone invaded North Korea the death count would be unimaginable.

For one thing, South Korea's capital is within range of North Korea's long range artillery. For another, you're attacking a nuclear power with an enormous stock of chemical and possibly biological weapons.

Couple that with an obsessive and slightly deranged populace... go figure, I'd rather just let them be, and hope they can be brought round through trade and economic development like most other countries have been.

Nihilus said,

To be fair he has a point, if anyone invaded North Korea the death count would be unimaginable.

For one thing, South Korea's capital is within range of North Korea's long range artillery. For another, you're attacking a nuclear power with an enormous stock of chemical and possibly biological weapons.

Couple that with an obsessive and slightly deranged populace... go figure, I'd rather just let them be, and hope they can be brought round through trade and economic development like most other countries have been.

US could "easily" take the north out if they wanted too. All before the north and its allies would have a chance in hell to even launch a single missile. The US watches them 24/7!