HEAT Security Blog

MyDoom Virus Returns with a Vengeance – DDoS Attacks on US and S. Korean Web Sites

An updated virus (MyDoom)- not a botnet is responsible for the DDoS attacks against US and South Korean websites this past weekend. The virus discovered back in 2004 has been updated to now include a list of websites that have become targets of a DDoS attack as the virus spreads.

The list of Web sites can be updated remotely; the current list of Web sites attacked by MyDoom include:
www.president.go.kr
www.mnd.go.kr
www.mofat.go.kr
www.assembly.go.kr
www.usfk.mil
blog.naver.com
mail.naver.com
banking.nonghyup.com
ezbank.shinhan.com
ebank.keb.co.kr
www.hannara.or.kr
www.chosun.com
www.auction.co.kr
www.whitehouse.gov
www.faa.gov
www.dhs.gov
www.state.gov
www.voanews.com
www.defenselink.mil
www.nyse.com
www.nasdaq.com
finance.yahoo.com
www.usauctionslive.com
www.usbank.com
www.washingtonpost.com
www.ustreas.gov
www.whitehouse.gov
fwww.aa.gov
evisaforms.state.gov
www.moneyfactory.gov
www.dot.gov
www.ftc.gov
www.nsa.gov
www.usps.gov
www.voa.gov
www.yahoo.com
travel.state.gov
www.nyse.com
www.site-by-site.com
www.marketwatch.com
www.amazon.com

Given the list of targets only included US and South Korean sites, at this point it’s widely believed that it is sympathizers to North Korea that are behind this attack but we’re still digging in (as are our fellow security compatriots) to see what further data points we can uncover to support that theory.