A third wave of cyber attacks hit South Korea on Thursday evening, blocking or impeding access to official and private websites, amid suspicions North Korea or its supporters are to blame.
AhnLab, a South Korean developer of anti-virus software, had forecast the virus, which hit dozens of US and Korean sites this week, would return at 6:00 pm Thursday and hit seven domestic sites.
"The third attack was bigger than our office had predicted, affecting some of the sites also hit earlier in the week," a company official told AFP around 7:00 pm. He had no immediate figures on the number of sites hit.
The websites of parliament, the defence ministry, the foreign ministry and the National Intelligence Service were either responding slowly or shut down intermittently.
The largest bank, Kookmin, also said access to its website was blocked at one point and it was trying hard to normalise Internet banking.
Officials at the government's Korea Information Security Agency told Yonhap news agency the damage appeared less serious Thursday thanks to concerted efforts to combat the problem.
Hackers have planted the viruses in thousands of personal computers in South Korea and overseas. In what is called a "distributed denial of service" (DDoS), they are programmed to swamp selected websites at selected times.
The White House, State Department and Pentagon websites were among government entities targeted this week in the United States, experts said, along with private institutions.
In response, the South Korean military said an information security command will be launched on January 1, two years earlier than planned, and become operational six months later.
The National Intelligence Service (NIS) said 12 South Korean and 14 US organisations were hit in the first wave early this week.
It said a second wave of attacks Wednesday was aimed at domestic banks and a security solution provider.
The NIS has not publicly suggested who is mounting the attacks.
But it told members of parliament's intelligence committee Wednesday that it believes the North or its sympathisers may be to blame, according to several legislators.
The North has staged a nuclear test and numerous missile launches in recent weeks, raising regional tensions. A cyber attack, if confirmed, would be a new tactic.
Yonhap quoted an NIS report to the committee as forecasting potential "financial chaos" in the event of a larger cyber attack.
It said the daily value of all online transactions in South Korea -- one of the world's most wired nations -- is six trillion won (4.7 billion dollars).
The NIS said the internal networks of the Seoul government are safe and no information has been leaked.
The Korea Information Security Agency said most sites had been restored after the first attacks began in the country late Tuesday -- using 12,000 domestic PCs and 8,000 abroad.
However it said the second round -- using 29,000 "hijacked" PCs -- hit one foreign site and 15 domestic sites, including government agencies, banks and a security solution provider.
Kwon Tae-Shin, senior secretary to the prime minister, described the viruses as "an attack on our system and a provocative activity which poses a threat to our security."
He was speaking after chairing a vice minister-level meeting on the incidents.
"This is the worst cyber attack I have seen in my 15-year career," AhnLab CEO Hongsun Kim told reporters. "This is an online equivalent of 9/11.
"I don't think an individual hacker can do this. This is an organised attack," he said, adding "very complicated" codes are being planted.