February 4, 2015: Some Internet security researchers were surprised recently to discover that the website of the North Korean government owned and operated Korean Central News Agency was equipped to secretly plant (or try to plant) spyware on the PCs of people visiting the site. The infection code was set up so that the operators of the North Korean site could easily deliver different kinds of infections. This infection capability was apparently set up in 2012 and it is still unclear how many, if any, visitors were infected and exactly with what.

Not everyone visiting the site would be infected when the North Korean system was rigged to deliver a payload to visitors because visitors with well-protected systems (like Internet security experts or anyone with a high-end antivirus system) would, at most, get an alert that this North Korea site was trying to infect them.

The North Koreans won’t say anything and it’s possible that the infection code was there as part of a training exercise for their own hackers. The code was not of the highest quality and looks like something student hackers might put together. Like just about everything else in North Korea the details of this hidden infection code are a state secret. So we have to wait for North Korea to collapse or for one of their hackers to defect to find out what is going on here. Whatever it is, it ain’t good.