Botnet awakes in further South Korean attack

Written by Richard Koman, Contributor

South Korea is increasingly looking like a nationwide botnet, as MyDoom malware implanted on thousands of PCs woke up, initiating a third wave of DoS cyberattacks on the country's government, business and media servers, The Washington Post reports.

AhnLab, the country's largest security company, predicted the explosion would go off at 6 pm local time. It did, but the predictions failed to understand just how many organizations were being targeted.

About half a dozen government Web sites not on the company's list, including those of parliament, the Defense Ministry and the Foreign Ministry, slowed down or temporarily stopped working. South Korea's main spy agency said that the "level of the attacks was highly organized and meticulously planned," indicating the work of "certain organizations or state."

We had some chatter the other day on what kind of OS was susceptible to this attack. Like this: "These are infected Windows operating system computers that are attacking the government sites. Will we ever learn?" And "I have no idea what the preferred operating system is in South Korea. Being an Asian country it is hard to say. It could be that a lot of the operating systems are either Linux or pirated copies of Windows."

The question isn't what kind of servers are buckling under the denial of service attack, it's what kind of machines are being zombied. I really think there's no doubt about that. As Andrew Storms of nCircle wrote me yesterday:

When it comes to botnets, Windows is the predominant zombie system. In recent history, botnets have left some of the largest and longest impressions on people. Conficker and Storm, to name two well-known ones, received much attention from security professionals and mainstream news. A DoS is an effective attack that if nothing else will raise awareness while chewing up tons of resources in time spent battling the traffic onslaught.

So what about North Korea? The South's National Intelligence Service failed to provide any further information on its earlier assertions that the North was behind the attacks, as the National Assembly's intelligence did not meet. But that's not surprising, Storms said: "When reportedly government and news sites in the US are targeted along with South Korean entities, then it's an easy leap to suspect state sponsored involvement given the ongoing tense public relations with North Korea." But it's "unlikely the US government would ever publicly state the source of the attack to be North Korea even if intelligence agencies believed it to be the case."
