Inka Internet reported a March 2011 DDoS campaign against major South Korean websites that used malware distributed through a domestic webhard service to turn many user systems into zombie PCs. The malware interfered with antivirus engine and pattern updates by modifying host entries, and Inka issued emergency nProtect updates and a dedicated removal tool. The same malware family was assessed as a variant of the July 2009 DDoS attacks, with the same attacker suspected, and some samples used apparently manipulated digital signatures. Beyond DDoS, infected systems were reported to damage or encrypt important documents, leak PC information, and trigger hard-disk destruction under certain timing or command conditions, making the campaign a destructive endpoint threat as well as a service-disruption operation.