Investigation of government DDoS attacks deepens

Share this article:
After much speculation that North Korea was responsible for the cyberattacks against U.S. and South Korean websites, new evidence shows that the attacks trace back to a "master server" in the U.K.

But a cybersecurity expert in the United States warned that before declaring the case closed, it would be wise to consider whether the master server was compromised and controlled by someone else.

Vietnamese security vendor, Bach Khoa Internetwork Security, reported in a blog post on Tuesday that it analyzed a sample of the malware used in the attacks, said to be a variant of the MyDoom worm. The researchers were able to trace the sample, provided by the Korean Computer Emergency Response Team, back to eight command-and-control servers connected to a master server based in the U.K.

By gaining control of two of the eight command-and-control servers, the researchers were able to analyze their logs and find the IP address of the master server they were being controlled by, they said.

“Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker,” Bach Khoa said in its blog post.

But Marcus Sachs, director of the SANS Internet Storm Center, said this does not necessarily mean the attack was launched by someone in the U.K.

“Just because a ‘master' has an IP address registered in the U.K. does not mean that a person in the U.K. is behind it all,” Sachs told in an email Tuesday.

It is possible that whomever is responsible for the attacks is leveraging other compromised machines, located outside of the U.K., to give the master its instructions, Sachs said.

In its analysis, Bach Khoa also found that 166,908 compromised machines from 74 countries were used to launch the attacks. Formerly, cybersecurity researchers believed that up to 60,000 zombies were used in the attack. Most of the offending machines were located in South Korea, the United States and China.

Share this article:

Next Article in News

Sign up to our newsletters

More in News

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target ...

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, ...

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.

Six charged in global StubHub scheme, company defrauded out of $1 million

Six charged in global StubHub scheme, company defrauded ...

Manhattan DA Cyrus Vance announced on Monday that six individuals are charged for their roles in a global scheme that defrauded StubHub out of $1 million.