Details Emerge In U.S. Cyber Attacks.
By J. Nicholas Hoover
Malware that targeted Web sites of The White House, Department of Homeland Security, the FAA, and others appears to be a MyDoom variant.
The distributed denial of service (DDOS) attack that has hit more than two dozen United States and South Korean government agencies and companies since the weekend does not make use of some of the latest developments in malware and was likely developed for this specific attack, according to researchers in possession of the malware source code.
The attack, which attempts to flood Web servers with initial requests to connect, temporarily took down several federal government Web sites in the United States and Korea over the past few days, though most are back online.
The targets, according to a list compiled by Verisign iDefense, include the Web sites of The White House, the Department of Homeland Security, the Department of Defense and the Federal Aviation Administration as well as The New York Stock Exchange, NASDAQ, and The Washington Post.
Several agencies, including two not on Verisign's list of 24 targets, confirmed to InformationWeek Government that they had been under attack. The Department of Treasury said it has experienced denial of service attacks over the past few days. The Department of Transportation, meanwhile, said it has been "experiencing network incidents" since the weekend and is cooperating with the United States Computer Emergency Response Team (US-CERT), one of the parties working to mitigate the attacks.
"US-CERT has issued a notice to federal departments and agencies, as well as other partner organizations, on this activity and advised them of steps to take to help mitigate against such attacks," a Department of Homeland Security spokeswoman said in an e-mailed statement. "We see attacks on federal networks every day, and measures in place have minimized the impact to federal websites."
Cybersecurity has become an increasingly high priority for the federal government, and President Barack Obama recently laid out plans to appoint a new high-level cybersecurity coordinator. Secretary of Defense Robert Gates recently said that the military had spent more than $100 million over six months responding to cyber attacks.
DDOS attacks have targeted the private sector for years and many companies have taken protective measures, but recent cyber attacks on Estonia and Georgia as well as this one could portend an increase in politically motivated attacks.
"It's no longer hackers defacing Web sites to become famous," says Phil Neray, VP of strategy at database security company Guardium. "It's political cyberterrorism, which is a very serious threat."
Organizations can take several steps to reduce the effectiveness of DDOS attacks, including isolating and blocking offending IP addresses, distributing network traffic across multiple network connections and network devices in order to dilute attack traffic, buying DDOS protection services from cybersecurity vendors, and developing and carrying out detailed response plans.
"It's nothing we haven't been talking about," said Dave Marcus, director of security research for McAfee's Avert Labs. "It's something that we've been seeing in the private sector for years. If nothing else, it serves as a wake-up call."
Though several of the Web sites under attack experienced some downtime, many of them were back online by Wednesday. Web sites for the Korean president, legislature, Ministry of Foreign Affairs, and Ministry of Defense were reportedly all offline as late as Wednesday, but this reporter was able to reach all but the Ministry of Defense site by Wednesday morning Eastern Daylight Time.
The Web site for the Federal Trade Commission was down most of Monday and experienced problems on Tuesday, but a spokesman was unable to say whether this was a result of the DDOS attack.
According to reports by the Associated Press and Korean news agency Yonhap, South Korean government officials believe the attacks have been carried out by North Korean or pro-North Korean e