South Korea network attack 'a computer virus'

[Image: Blank computer screens at YTN broadcaster, Seoul, 20 March 2013. Image source: AP. Caption: Staff at broadcaster YTN were faced with error messages on computer screens.]

Disruption that paralysed the computer networks of broadcasters and banks in South Korea appears to have been caused by a virus, an official close to the investigation has told the BBC.

The official said it was believed a "malicious" code was to blame for the system failure.

He said investigators were trying to identify and analyse the virus.

Last week, North Korea accused the US and its allies of attacks on its internet servers.

In the latest incident, two South Korean banks, Shinhan Bank and Nonghyup, and three TV stations, KBS, MBS and YTN, all reported that their networks had suddenly shut down on Wednesday afternoon.

The BBC's Lucy Williamson in Seoul says that, for one of the world's most networked populations, South Korea has had more than its share of cyber attacks.

North Korea has been blamed for several breaches over the past few years, she says.

Initially, South Korea's Communications Commission suspected a cyber-attack. However, the BBC was later told that experts had concluded it was not a denial-of-service attack, of the kind South Korea has experienced in the past.

'Skulls' on screens

Staff at the three broadcasters said their computers crashed and could not be restarted, with screens simply displaying an error message, although they have continued to make television broadcasts, our correspondent said.

There were also reports of skulls popping up on some computer screens, which could indicate that hackers had installed malicious code in the networks, the Korean Internet Security Agency said.

Some services at Shinhan Bank, including internet banking and ATMs, were also affected, although operations now appear to have been restored.

In the immediate aftermath of the incident, South Korean internet service provider LG Uplus said it believed its network had been hacked, Reuters news agency reported.

An official from the presidential office told Yonhap news agency it was not yet known whether North Korea was involved.

"We do not rule out the possibility of North Korea being involved, but it's premature to say so," Defence Ministry spokesman Kim Min-seok said.

Hackers can cover their tracks by launching their attacks indirectly by hijacking other people's computer systems, says the BBC's technology correspondent Mark Gregory.

Tracing an attack to its original source can be complex in the extreme, he adds.

[Image source: AP. Caption: Services at two banks were hit by the incident, which began at around 14:00 local time.]

However, in some highly sophisticated attacks, hackers' precise methods have provided clues to their identity.

Slight variations in method have acted as a kind of digital signature, to help investigators trace who they are, our correspondent says.

Surveillance upgrade

No government-related computer networks were affected, an official from the National Computing and Information Agency (NCIA) told Yonhap.

The military has upgraded its information surveillance status by one level, Yonhap said.

North Korea is believed to have been behind two major cyber attacks on the South, in 2009 and 2011, that targeted government agencies and financial firms.

Nonghyup bank was one of the victims of the 2011 attack, which left its customers unable to access or transfer their cash for three days.

North Korea has stepped up rhetoric in recent days in response to fresh UN sanctions over its nuclear test in February and joint annual military drills between the US and South Korea, which it bitterly opposes.

On 15 March, North Korea's KCNA news agency accused the US and its allies of "intensive and persistent" hacking attacks on its networks.

Official sites such as KCNA, Air Koryo and Rodong Sinmun, the party newspaper, were reportedly inaccessible for short periods.