Printed from www.pcpro.co.uk
Korean cyber attacks traced back to UK
Posted on 15 Jul 2009 at 16:34
A malware attack against South Korean and US government websites earlier this month may have come from a server in the UK, researchers claim.
Previously, experts suspected the attacks may have been based in North Korea, but fresh evidence has come to light.
Yesterday, Nguyen Minh Duc, the security director of Bach Khoa Internetwork Security (Bkis) wrote in a blog post that his firm helped analyse the 4 July weekend denial of service attacks following a request from the Korean Computer Emergency Response Team.
His team found the botnet sending out the malware. It was controlled by eight Command and Control (C&C) servers - two of which Bkis took over. Using those, they found the master server, which was controlling the eight C&C servers - and realised it was based in the UK.
"We found a master server located in UK which controls all of the eight C&C servers to make a series of cyber-attacks last week," he writes, explaining the IP address of the server was from the UK. "So the source of the attacks has been identified to be in UK."
Bkis has forwarded the IP address to US and Korean authorities, who are investigating the attack, and also contacted the British Government.
"Having located the attacking source in UK, we believed that it is completely possible to find out the hacker," he says, noting success in tracking the attackers depends on the US and Korean governments.
The Bkis claim was backed by the Korean Communications Commission, according to Korean media reports, but one official noted the attack may not have come from the UK, but merely been delivered through a hacked IP address.
Zombie army
Bkis also suggests the scale of the attack was larger than first estimated. Symantec said 50,000 zombie computers were involved, while the government of South Korea estimated 20,000.
"But, by taking control of two C&C servers and analysing logs on these servers, we count the exact number of zombies that have been querying C&C servers to receive commands," he says.
"Accordingly, there have been 166,908 zombies from 74 countries around the world that have been used for the attacks."
Author: Nicole Kobie
advertisement
- Need a bit of extra Christmas cash? Grass up your boss, says BSA
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
