South Korean websites suffer DDoS attack – who and why?

Malicious computer codes attacked South Korea’s major websites including the presidential office, overnment ministries sites and major financial institution websites, and managed to shut some of them down temporarily. The so-called distributed denial-of-service (DDoS) attack hit 29 institutions yesterday and another round of attack was reported this morning, but no significant damage was done. (Read Yonhap report on the details of the attack.[en])

Yesterday’s DDoS attack bears resemblance to the cyber attack in July 2009, South Korea’s major net security firm AhnLab said to local media outlets. Attackers hacked two local peer-to-peer file sharing sites (P2P) on Thursday to inject malicious codes in files. It were downloaded onto the so-called Zombie PCs and prompted the massive Zombie troop to carry cyber assaults. It is estimated between 4,300 and 11,000 computers were infected by malware.

South Korea’s Joongang Daily quoted industry sources that the size of the attack was significantly smaller than the July 2009 attack. After the 2009 attack, South Korea had tried hard to increase public awareness on the issue. For a DDos attack to succeed, hackers need to gather as many as Zombie PCs as possible. Not only the usual government campaigns and education were given to citizens, but even variety shows such as ‘Sponge’ had a special episode on the Zombie PC and DDos attack. As the attack started yesterday, the Korea Internet Security Agency (KISA) shared its special diagnostic test page on social networking sites so the computer users can check whether their computers have yet turned into a Zombie PC. Even the presidential house (@bluehousekorea) retweeted @withkcc’s shared links to free vaccine download sites, such as and

The Seoul Newspaper, quoting a security personnel from Ahn Lab, explained[ko] that South Korea’s heavy dependence on Microsoft made the country so vulnerable to DDos attack. Most South Korean users use Microsoft and its Active X and they often absentmindedly hit ‘confirm’ button when asked to install/update software. The attackers have injected virus and disguised them as one of these software updateds.

Kukinews quoted Police report [ko] suspecting North Korea of the crime, considering the fact that DC Inside Gallery was newly included on the attack list. The DC site hacked North Korean official website, Uriminzokkiri, and its YouTube and Twitter account two months ago. But more evidence is needed since the latest attack on DC site right after it hacked North Korean websites was done by a teenage South Korean hacker despite most people’s assumption that it was North Korea’s retaliation.