Korean DDoS attacks traced to UK - The Frontline

 
The Frontline – a blog from V3.co.uk


Korean DDoS attacks traced to UK

[Image: korean flag.jpg]

Security researchers in Vietnam are warning that the recent denial of service attacks carried out on South Korean government and other critical national infrastructure sites originated in the UK.

Bach Khoa Internetwork Security (Bkis) staff said that, after the attacks, the Korean Computer Emergency Response Team (KrCert) asked them to get to the bottom of where the attacks came from.

On the firm's official blog, senior security researcher Nguyen Minh Duc said that it had located the botnet in question, controlled by eight command and control servers via code embedded in a file named "flash.gif".

"Especially, we found a master server located in UK which controls all of the 8 C&C servers to make a series of cyber-attack last week," wrote Duc. "So the source of the attacks has been identified to be in UK. The existence of master server has never been reported before."

After gaining control of two of the eight C&C servers, Bkis analysed the logs and found the master server's IP address to be located in the UK.

The number of compromised computers used to launch the attacks is also likely to have been vastly underestimated, said Duc.

"During the past few days, the number of zombies has been estimated to be 50,000 by Symantec and about 20,000 by government of South Korea," he wrote.

"But, by taking control of two C&C servers and analysing logs on these servers, we count the exact number of zombies that have been querying C&C servers to receive commands. Accordingly, there have been 166,908 zombies from 74 countries around the world that have been used for the attacks."

The report has been backed by the Korean broadcasting regulator, the KCC, and law enforcers in the country are currently trying to work with the British government to track down the attack source.

This could be one for the newly formed Police Central e-crime Unit to co-ordinate from this end, although, as with all things involving geographical boundary-crossing, don't expect a result anytime soon.

The bad guys are still basically more agile and nimble than law enforcers when it comes to online transgressions.

Comments

You are writing about South Korea but you are showing a flag of North Korea. How stupid are you?

Posted by Tom G. | August 4, 2009 3:21 PM
