Researchers: Attacks on U.S., Korea sites came from U.K.

A security firm in Vietnam says it has traced the origin of the denial-of-service attacks to the U.K., contrary to speculation that North Korea was the culprit.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

July 14, 2009 8:36 a.m. PT

The denial-of-service attacks launched on Web sites in South Korea and the United States earlier this month appear to have come from a master server in the United Kingdom, according to security researchers in Vietnam.

The master server controls all of the eight command and control servers involved in the series of distributed denial-of-service attacks that started on the July 4 weekend, security firm Bkis said in a blog posting on its Web site on Monday. Bkis said it gained control of two of the servers.

The Vietnamese firm estimated the number of compromised PCs involved in the attacks to be around 167,000 in 74 countries.

Botnet expert Joe Stewart of SecureWorks told CNET News that that number sounded high. Security experts had been estimating that there were 50,000 infected PCs in the botnet.

The attacks targeted dozens of government and commercial sites in the U.S. and South Korea, causing temporary outages at many of them.

Code on the compromised PCs was set to erase or overwrite data late last week but researchers in the U.S. were not aware of any reports of that happening.