Joe Stewart, director of malware research for the counterthreat unit of SecureWorks Inc., said there's no indication yet of a claim of responsibility hidden anywhere in the program behind the attacks. Stewart and other researchers are analyzing the code for clues about the attacker's identity.

Stewart noted that the attacks on US government sites appeared to expand after the initial assaults over the holiday weekend failed to generate any publicity. He said the "target list" contained in the program's code only had five US government sites on it on July 5, but were broadened the next day to include nongovernment sites inside the US

The following day, the South Korean Web sites were added.

"It seems to me they thought the first round wasn't successful ... they felt they weren't getting enough attention because nobody was talking about their attacks," Stewart said.

The cyber assault on the White House site had "absolutely no effect on the White House's day-to-day operations," said spokesman Nick Shapiro. He said that preventive measures kept whitehouse.gov stable and available to the general public but that Internet visitors from Asia may have experienced problems.

All federal Web sites were back up and running, Shapiro said. A State Department spokesman said the agency's site was up but still experiencing problems. A Web site for the US Secret Service had experienced access problems but did not crash, the agency's spokesman said.

The cyber attack did not appear, at least at the outset, to target internal or classified files or systems, but instead aimed at agencies' public sites, creating a nuisance both for officials and the Web consumers who use them.

... contd.