South Korea Identifies Five IP Addresses Used to Attack Government Websites
The Korea Communications Commission stated that the virus behind a wave of cyber attacks that shutdown government websites in the US and South Korea was circulated by a host websites based in Austria, Georgia, South Korea, Germany and the US.
Although the list does not indicate to North Korea's involvement, it is likely that the attackers used a recognized IP addresses to masquerade themselves. For example, they have used systems from a distant place, though blocking of these system prevent them from being used again to circulate viruses or to conduct denial-of-service attacks.
However, South Korea and US officials state that they think North Korea was behind the attacks, but none of the restricted IP addresses - the web equal to a phone number or a street number - were for systems in North Korea.
Officials from South Korea said that the attacks could have been conducted by the supporters residing outside North Korea. IP addresses could also be bogus or disguised, veiling their right location.
Earlier, one of the ruling party lawmaker told the journalists that he was told by the National Intelligence Service (country's major spy agency) that the 86 IP addresses in 16 countries were used to create Web outages. None of those addresses belonged to North Korea.
Later, the commission official stated that those addresses were not used in the denial-of-service attacks. The harm from the latest viruses seemed to be small, with just 96 cases being reported in South Korea till now.
The series of DOS attacks started on the July 4 weekend and hit almost 36 major websites in South Korea and the US.
Meanwhile, the US security experts added that the creator of the attacks borrowed old code written by earlier malware authors to conduct the attacks and left no stone unturned to hide his code from being caught by antivirus applications.
Related article: South Korea Becomes Infamous For Being World’s Fifth Spamme
» SPAMfighter News - 28-07-2009