South Korea blocks IP addresses spreading computer virus

Five IP addresses used to distribute computer viruses that caused a wave of website outages in the United States and South Korea were identified and blocked, South Korea said Friday.

Five IP addresses used to distribute computer viruses that caused a wave of website outages in the United States and South Korea were identified and blocked, South Korea said Friday.

South Korean and American officials, who believe North Korea was behind the attacks, said none of the blocked internet protocol addresses — the web equivalent of a street address or phone number — were for computers in North Korea.

They were in Austria, Georgia, Germany, South Korea and the U.S., an official from the state-run Korea Communications Commission said. He spoke on condition of anonymity because he is not authorized to speak to the media on the record.

The addresses point to the computers that distributed the virus that triggered so-called denial-of-service attacks in which large numbers of computers try to connect to a single site at the same time, overwhelming the server.

The latest evidence does not clear North Korea of involvement.

The hackers are thought likely to have used the identified IP addresses to disguise themselves — for instance, by accessing the computers from a remote location — though blocking the IP addresses helps prevent those computers from being used again to distribute viruses.

South Korean officials have said the attacks could have been carried out by sympathizers who worked outside of North Korea. IP addresses can also be faked or masked, hiding their true location.

Other IP addresses also blocked

The official added that South Korea also blocked another 86 IP addresses in 16 countries that were used to spread different viruses that damaged hard disks or files in computers they contaminated.

Earlier in the day, ruling party lawmaker Chung Chin-sup said he was told by the country's main spy agency, the National Intelligence Service, that the 86 IP addresses were used to cause the web outages. None of them were in North Korea, according to another lawmaker.

But the commission official later corrected that those IP addresses were not used in the denial-of-service attacks. The damage from the new viruses appears to be small, with only 96 cases being reported in South Korea so far, the commission said in a statement.

U.S. sites hit over weekend

South Korean and U.S. websites experienced two waves of cyber-attacks earlier this week. A number of South Korean sites went down or have had access problems beginning late Tuesday.

Some South Korean sites hit in the past few days remained inaccessible or unstable on Thursday, including the National Cyber Security Centre, affiliated with the main spy agency. No major disruptions, however, were reported.

"The damage from the latest attack appears to be limited because those sites took necessary measures to fend off the attack," said Ku Kyo-young of the KCC.

A number of U.S. sites — including those belonging to the Treasury Department, Secret Service, Federal Trade Commission and the Transportation Department — were down last weekend.

Keynote Systems Inc., a California-based company that monitors website performance, told in an email Thursday that the sites for the U.S. Federal Trade Commission and the Department of Transportation have been hit particularly hard., which was shut down completely from Sunday morning to Monday night, is still running slowly, Keynote said. The Department of Transportation, meanwhile, was down from Saturday afternoon until Monday evening.

After the initial U.S. attacks, the White House, Pentagon and the Nasdaq stock exchange were also hit.

North Korea link

Legislative aides who requested anonymity because of the sensitivity of the matter claimed that South Korean intelligence officials believe North Korea or its sympathizers were behind the attack.

There has been little concrete evidence to back that assertion, although South Korean media reported in May that North Korea was running a cyber-warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.

Hong Hyun-ik, an analyst at the Sejong Institute think-tank, said the attack could have been done by either North Korea or China, adding that he "heard North Korea has been working hard to hack into" South Korean networks.

On Friday, South Korea's spy agency briefed lawmakers on circumstantial and technical reasons for believing that North Korea could be behind the attacks, Chung said without elaborating.

But it also cautioned it was too early to conclude that North Korea was responsible as the investigations were still underway, according to Park Young-sun, another member of the intelligence committee.

U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.

Three U.S. officials said this week while some IP addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il's government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.

With files from The Associated Press