North Korea blamed for March DDoS attacks on South Korean websites
Researchers from security vendor McAfee have analyzed the botnet responsible for a 10-day DDoS attack that paralyzed a number of South Korean websites in March. In a detailed 16-page report, McAfee suggested that the DDoS attack "could have been a test of South Korea's preparedness to mitigate cyberattacks, possibly by North Korea or their sympathizers." In this instance, over 40 globally distributed command-and-control servers were used to update clients with new malware binaries and commands. As noted by eWeek, "The botnet had likely infected the machines earlier with malware, which had lain dormant until the instructions were issued to launch the DDoS attack."
While there's no clear proof that North Korea was behind the attacks, the sophistication of the botnet, with its multiple encryption algorithms, obfuscation measures, multi-tier C&C servers and apparent self-destruction after 10 days, backs the assertion. Moreover, the technical sophistication of the botnet, when juxtaposed with the relatively limited objectives, points toward a test rather than an attempt to cause lasting damage. Some technical circumstantial evidence also links this attack to an earlier one from July 2009.
So what if governments are indeed mobilizing to engage in cyber attacks? What are some repercussions that could result? Have a look at today's Editor's Corner.
For more:
- read the analysis (.pdf) from McAfee
- check out this article at eWeek
- check out this article at Infosecurity