It is starting to look like the attacks that wasted South Korean government websites in March 2011 might have been cyberwar drills being carried out by North Korea.
Insecurity software McAfee has been looking at the attacks which it says mirror similar ones against South Korea in 2009.
In a statement, McAfee said that it would make the recent South Korean attacks more menacing than recent attacks by hacker activists, or “hactivists,” such as the groups Anonymous and Lulz Security.
Dmitri Alperovitch, vice president of threat research for McAfee Labs, said that the attacks on South Korea were likely Internet reconnaissance missions to test the impact that cyber weapons could have in wartime.
McAfee said the attackers likely built the army of computers that launched the attacks by infecting healthy PCs with malicious software at a popular South Korean file-sharing site.
They created a botnet which was used on March 4 to attack some 40 websites in South Korea,.
McAfee said that it was a rapid operation and seemed constrained with specific goals. It was as if the attackers were trying to see what level of damage could be done in a rapid time period.
Whoever was doing the hacking made it difficult for researchers to figure out what they were doing. The software was encrypted and programmed to destroy itself and its host PC 10 days after the March 4 attack began.
It is rare for a botnet to instruct infected computer systems to attack themselves because they want to keep enslaved computers running as long as possible. They can then use them for spam or other criminal attacks.
Alperovitch said it was fairly clear that the attacks were cyber war drills designed to determine how difficult it would be to take down key government websites during a war.