A virus unleashed on South Korean computers as part of an alleged cyber-attack is expected to destroy the data stored on the 20,000 infected machines starting Friday, the South Korean government warned Thursday.
The state-run Korea Communications Commission (KCC) told South Korea's Yonhap news service that it had received a warning from the computer security company Ahn Lab that the so-called distributed denial-of-service (DDoS) virus would enter a new data destroying phase Friday.
Earlier, a state official reported that a new spate of cyber-attacks aimed at shutting down or slowing South Korean websites hit at least seven prominent targets Thursday.
A government site was among those targeted, while the remaining six were private, said Ku Kyo-young of the KCC.
About two hours after the latest assault, only one shopping site was not working normally. South Korea's Yonhap news agency had earlier reported that the website of the leading Kookmin Bank was down for about 30 minutes.
The South Korean Spy Agency, a leading bank and a top newspaper were among the targets, the BBC reported.
The newest attacks began around 6:30 p.m. local time Thursday (5:30 a.m. ET), Ku said.
Like previous assaults, the latest was also caused by so-called denial-of-service attacks in which floods of computers try to connect to a single site at the same time, overwhelming the server, he said.
U.S. sites hit over weekend
South Korean and U.S. sites experienced two waves of cyber-attacks earlier this week. A number of South Korean sites went down or have had access problems beginning late Tuesday.
Some South Korean sites hit in the past few days remained inaccessible or unstable on Thursday, including the National Cyber Security Centre, affiliated with the main spy agency. No major disruptions, however, were reported.
"The damage from the latest attack appears to be limited because those sites took necessary measures to fend off the attack," Ku said.
A number of U.S. sites — including those belonging to the Treasury Department, Secret Service, Federal Trade Commission and the Transportation Department — were down over the weekend.
Keynote Systems Inc., a California-based company that monitors website performance, told CBCNews.ca in an email that the sites for the U.S. Federal Trade Commission and the Department of Transportation have been hit particularly hard.
FTC.gov, which was shut down completely from Sunday morning to Monday night, is still running slowly, Keynote said. The Department of Transportation, meanwhile, was down from Saturday afternoon until Monday evening.
After the initial U.S. attacks, the White House, Pentagon and the Nasdaq stock exchange were also hit.
North Korea link
Legislative aides who requested anonymity because of the sensitivity of the matter claimed that South Korean intelligence officials believe North Korea or its sympathizers were behind the attack.
There has been little concrete evidence to back that assertion, although South Korean media reported in May that North Korea was running a cyber-warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.
Hong Hyun-ik, an analyst at the Sejong Institute think-tank, said the attack could have been done by either North Korea or China, adding that he "heard North Korea has been working hard to hack into" South Korean networks.