Dormant South Korean Botnet Attacks Governmental Websites Again

A botnet that laid dormant since last year, when it attacked U.S. and South Korean governmental websites, has awaken to life and hit them again two days ago. However, since the number of remaining infected computers was very low, the denial of service attempt was unsuccessful.

A year ago just after 4th of July the websites of numerous U.S. government agencies were hit by a massive Distributed Denial of Service attack. The source was traced back to tens of thousands of computers infected with a botnet client.

Most of the computers used in the attack were located in South Korea and Asia, which led to some people speculating that North Korea was behind the attack. This possibility was enforced by the fact that government and financial websites in South Korea were also hit. Security experts have recently stated that the attackers covered their tracks so well that finding the truth is virtually impossible.

The Washing Times reports that a small part of that botnet, comprised of hundreds of computers that haven't yet been cleaned, attempted new attacks against the same websites during the past few days. The targets include the WhiteHouse.gov website, as well as that of the South Korean Presidency.

Local investigators in South Korea, estimate that there are still about 500 computers infected with this botnet client in the country and less than that in countries like China, Japan, Britain or the United States. An analysis of the malware collected from one of these computers revealed that it is set to launch the attacks on July 7 every year.

Because of the low number of computers, the botnet's power is significantly reduced compared with last year. “[...] The attacks were so weak that there were no problems in accessing the sites," Jeong Seok-hwa, a local police officer told The Washing Times. Yesterday another sixteen websites were targeted again, but no disruptions of normal operations were recorded.