Disruption that paralysed the computer networks of broadcasters and banks in South Korea appears to have been caused by a virus, an official close to the investigation has told the BBC.
The official said it was believed a "malicious" code was to blame for the system failure.
In the latest incident, two South Korean banks, Shinhan Bank and Nonghyup, and three TV stations KBS, MBS and YTN, all reported that their networks had suddenly shut down on Wednesday afternoon.
Most users couldn't start their computer at all, but some users also complained about a "hacked" screen (see image) showing up when the computer was started, according to the following NakedSecurity article: SophosLabs identifies malware used in Korean internet attack.
The file responsible for infecting the computer overwrites the Master Boot Record (MBR) including the partition table, but also the Volume Boot Record (VBR). When testing this, recovery proved complicated (on an XP machine a combination of Testdisk to rewrite the MBR, partition table and NTFS boot sector and the XP Recovery Console to rewrite the Volume Boot Record was necessary in order to repair the damage done). Because the partition table was overwritten, the data on the computer's hard disk couldn't be accessed even when using a Live CD or slaving the drive.