Korean group denies Aussie claims of infected servers

The Korean Network Information Centre has denied claims by an Australian security company that it is responsible for a large number of IP addresses that attempt to propagate the Nimda worm.

SYDNEY--The Korean Network Information Centre has denied claims by an Australian security company that it is responsible for a large number of IP addresses that attempt to propagate the Nimda worm.

Last week ZDNet Australia reported local security expert Glenn Miller as saying his company Janteknology had received an enormous number of malicious probes from the Korean Network Information Centre (KRNIC), a domain name registry.

However, KRNIC says that these IP addresses, registered in its name, have been assigned to local organisations, which are ultimately responsible for IP address management.

KRNIC representative Mooho Cheon told ZDNet Australia that these IP addresses are not used internally.

Today Glenn Miller said that one IP address (203.249.148.38) definitely belonged to KRNIC and that as a matter of “public service” KRNIC should notify their customers if they have attacking IPs.

However, KRNIC denied the attacking IP address was used internally. "The attacking IP address (203.249.148.38) is not under our management," Cheon said.

According to Cheon, KRNIC cannot contact end users to point out they are infected with viruses because it doesn’t have access that information.