Cyberattacks identified as a modification of five-year-old virus

Key Defense Department Web sites in South Korea remain unavailable as hackers continue their attacks against South Korean and U.S. government sites.

The U.S. Computer Emergency Readiness Team identified the attacks, known as Distributed Denial of Service, as a modified version of the "My Doom" virus, which in 2004 infected more than 1 million computers worldwide, said industry sources who declined to be identified. My Doom contains a payload, which uses infected computers to launch denial-of-service attacks.

A spokeswoman for the Homeland Security, which manages the emergency readiness team, declined to comment.

The cyberattacks appeared to take down the main Web site of U.S Forces Korea, which was unreachable on Wednesday and Thursday. Trace route commands, used to track hops from northeast New Mexico to the command's Web site, timed out at a Nippon Telegraph & Telephone domain in Japan, an indication that site was down and unreachable.

Trace routes to the headquarters of the Web site operated by the 8th U.S. Army in Korea and the overall Army domain in Korea, korea.army.mil, also timed out at the same NTT domain.

The trace routes were run at 10:30 pm EDT (9:30 am in Seoul, South Korea) on Wednesday, and at 11am EDT (midnight in Seoul) and 1 p.m. EDT (2 a.m. in Seoul) on Thursday. The sites were never reached and timed out in Japan. Several attempts to run trace routes to military Web sites in South Korea did not make it out of the United States, because of the dynamic routing of the Internet, and timed out at a Qwest domain in Denver.

A Pentagon spokeswoman declined to discuss the ongoing wave of cyberattacks and did not acknowledge that the attacks had crippled military Web sites in Korea. Air Force Maj. Maureen Schumann, a Defense spokeswoman, said the attacks had no impact on military operations. "There are millions of scans -- not intrusion attempts, just scans -- of the Global Information Grid per day, and we defend in depth every day," she said.

South Korean Web sites were hit again on Thursday, according to the Yonhap News Agency, which said key government and private Web sites reported "temporary paralyses or severe access disruptions."

Kevin Coleman, senior fellow at the Technolytics Institute, a cyber think tank in McMurray, Pa., said circumstantial evidence indicates North Korea was behind the attacks, which he considered "an act of aggression." He speculated North Korea launched the attacks in response to sanctions against North Korean weapons exports imposed in June by the United Nations, with strong backing by the United States.

North Korea infected 60,000 computers that it can control to continue the cyberattacks, which have been launched by cyberwarfare organizations that may be similar to Unit 121, which works for the General Staff Department of the Ministry of People's Armed Forces. Unit 121 operates out of a hotel in Shenyang, China, said Coleman, who added North Korea most likely has used several Chinese Internet service providers to coordinate the current round of attacks.

The South Korean Ministry of Defense decided today to push up establishment of a cyber command from 2012 to next year, Yonhap News reported. In May, South Korea and the United States signed an agreement to work together on cybersecurity.