New Zealanders lured by links to hacked photos of naked celebrities may have caused a nationwide internet meltdown.
Spark, the giant of the New Zealand business scene caught by malware attacks this weekend, says it's aware of speculation Kiwi's got caught on "attractive click bait" by cyber criminals.
There were warnings a few days ago from internet security providers that clicking on links to naked celebrity photographs would be a bad idea.
"There's speculation the two events might be related but we don't know," a company spokesman said on Sunday.
It is believed computer users clicked on links on Friday evening, but instead they inadvertently installed malware, triggering bulk traffic to offshore sites, which overloaded the network.
The intimate celebrity photos, which included actress Jennifer Lawrence and singers Avril Lavigne and Rihanna, were stolen from a cloud storage system.
Computer security specialists Trend Micro issued an alert shortly before the attack began warning not to open the links related to the nude celebrities, AFP reported.
"The first threat we found hails from Twitter, in the form of a tweet being posted with hashtags that contain the name of one of the leak's victims - Jennifer Lawrence."
Trend Micro said users who clicked the link offering to show a video of the actress were directed to download a "video converter" that was actually malicious software.
Customers of Spark, formerly known as Telecom, had problems browsing on broadband and mobile platforms for most of Saturday.
Staff worked through the night and the network appeared to be back to normal on Sunday, Spark communications head Conor Roberts says.
Some customers were still reporting problems, but that was a result of "teething problems", he told NZ Newswire.
It was not possible to prevent another attack, the network said.
"Teams had put in place ways of managing further high volumes of traffic from this kind of thing, but this is a pretty dynamic environment," Mr Roberts said.
"The point of attack might change in the future and obviously we will work to reduce that when it does pop up again."
The affected computers had been removed from the network and Spark was working with owners to ensure they were properly protected before being reconnected.
People should ensure their virus protection and spyware was up to date and shouldn't open any suspicious links, Mr Roberts said.
"We acknowledge the impact on our customers... and apologise to those people who were affected."
Some customers vented their frustration on Facebook, while others were more sympathetic about the malware issue.
Spark changed its name from Telecom in August, promising a new era for the telecommunications giant.