Websites belonging to numerous U.S. and South Korean government agencies, as well as some large commercial sites, have been under attack for the past several days by computers infected with a new piece of malware. The widespread DDoS assault resulted in slow responses from the targeted websites and, in some cases, downtime.
One of the most affected agencies was, apparently, the Federal Trade Commission, whose website went offline for several hours on Monday and was reportedly still experiencing problems on Tuesday. The Department of Transportation, the Federal Aviation Administration and the Department of the Treasury also had serious problems keeping their websites accessible, according to The Register.
Unnamed security researchers investigating the incident told the Washington Post, which was also affected, that the culprit was a new piece of malware that infected over 60,000 computers. The vast majority of compromised systems participating in the attack are located in the Asia-Pacific region, particularly in South Korea.
An analysis of the botnet client revealed that the hit list was quite extensive, counting 26 targets in the U.S. and South Korea. The Republic of Korea National Assembly website, as well as those belonging to the Korean Presidency (Blue House) and Foreign Minister, were also on this list and have reported problems. There is as yet no evidence as to who might be behind the DDoS, but the BBC reports that Yonhap, South Korea's state-sponsored news agency, points to North Korea as a possible origin of the attack.
The attack was not complex in nature and reportedly consisted only of repeated HTTP requests sent to the targeted websites. It is unclear how such a rudimentary technique was supposed to affect the likes of yahoo.com or amazon.com, which were also on the list of targets along with the websites of the New York Stock Exchange, NASDAQ, several South Korean banks and the Washington Post.
Some of the experts familiar with the attacks expressed surprise at the level of damage they caused, claiming that blocking them should be fairly easy. The Shadowserver Foundation, a volunteer group that tracks cybercriminal activities, has registered a lot of activity on its DDoS meters starting on Monday, coinciding with the timing of these attacks.