What is now being called the 7.7 DDoS Attack, which paralyzed major websites in Korea on July 7, is confirmed to have spread from two domestic online storage services, called "webhards," in Seoul and Busan. The command and control servers for the attack, which are believed to have given attack and suicide orders, were found to be based overseas.
According to a communication by the National Police Agency's counter-cyberterrorism response center on July 27, the attackers initially hacked two webhard sites in Seoul and Busan and infected their programs with a malicious trojan. Users of the webhard service then had the trojan downloaded to their computers, where it waited for further instructions. Computers that had been infected with the malicious virus turned into zombies that carried out C&C's attack and suicide orders.
A total of nine C&C servers in six countries including Germany, the United States and Thailand were found to give instructions to zombie computers. Police found out that out of 55,596 worldwide zombie computers that had transmitted systems information to the server in Germany alone, 54,628, or 98 percent, turned out to be based in Korea.