South Korea  |  North Korea

* Attacks originated from websites in five countries

* Damage to websites dwindling - security firm says

By Jon Herskovitz

SEOUL, July 10 (Reuters) - Cyber attacks slowing U.S. and South Korean websites could enter a new phase on Friday by attacking personal computers and wiping out hard disks, a South Korean government agency and web security firm said.

North Korea was originally a prime suspect for launching the cyber attacks, but the isolated state was not named on a list of websites from five countries where the attacks may have originated, the Korea Communications Commission (KCC) said.

The attacks targeting dozens of government and business sites in South Korea and the United States did not cause major damage or security breaches, experts said, but the KCC warned a new phase at 1500 GMT on Friday could cause severe damage to PCs.

Leading South Korean web security firm Ahnlab, which has closely examined the attacks, said the new phase would target data on tens of thousands of infected personal computers.

"The affected computers will not be able to boot and their storage files will be disabled," said Lee Byung-cheol of Ahnlab.

Almost all of the websites that were out of service this week, including the South's Defence Ministry, were up and running while Lee said the damage to Internet locations was dwindling due to better safeguards.

FIVE COUNTRIES NAMED

The KCC said host websites believed behind the original attacks were based in Germany, Austria, Georgia, the United States and South Korea. The location of the hackers behind the attacks was still unknown, it said.

South Korean MPs briefed by the National Intelligence Service said although websites in North Korea were not on the list, Pyongyang was still considered a suspect, Yonhap news agency said.

Internet access is denied to almost everyone in impoverished North Korea, a country that cannot produce enough electricity to light its cities at night. Intelligence sources say leader Kim Jong-il launched a cyber warfare unit several years ago.

Some analysts have questioned the North's involvement, saying it may be the work of industrial spies or pranksters. [ID:nN08404460]

The attacks will likely be seen by the North's leadership as a victory for Kim Jong-il -- even if Pyongyang was not involved -- because they added a new dimension to the threats posed by the state, which rattled regional security with a nuclear test in May and ballistic missile tests last week.

The attacks saturated target websites with access requests generated by malicious software planted on personal computers. This overwhelmed some targeted sites and slowed server response to legitimate traffic.

The so-called "distributed denial of service" hacking attack spreads viruses on PCs, turning them into zombies to simultaneously connect to specific sites, unbeknown to owners, experts said.

U.S. officials would not speculate on who might be behind the attacks but noted that U.S. government websites face attacks or scams "millions of times" a day. (Additional reporting by Rhee So-eui and Christine Kim; Editing by Nick Macfie)