IT security and control company Sophos is warning computer users
and website administrators to be vigilant this month as the
Conficker worm is predicted to hit several legitimate sites,
including Texan airline Southwest Airlines, potentially disrupting
the service and leading websites to be effectively DDoSed in the
process.
Experts at SophosLabs discovered that the Conficker worm - also
known as 'Downadup' - will try to contact wnsux.com on Friday March
13 for further instructions. This URL, owned by Southwest Airlines,
redirects visitors to the airline's primary southwest.com address,
meaning that the company's operations may be compromised as the
attack takes place.
"Every day each computer infected by Conficker visits different
websites, trying to see if orders have been left by its hacker
overlords. The worm generates a long list of different website
names which it uses to check in its hunt for instructions - meaning
that the authorities can't shut down a single site to stop the worm
from activating its payload," explained Graham Cluley, senior
technology consultant at Sophos. "The hackers' plan is to use a
domain name that they know Conficker will query on a certain day,
enabling them to plant instructions for the botnet - which might
send spam or launch other malicious attacks."
"However, some of these domain names that Conficker-infected
computers are scheduled to visit are already owned by legitimate
organisations - like Southwest Airlines - meaning that on a given
day these sites will be bombarded by traffic as an army of
computers try to visit their site for commands," continued Cluley.
"They won't receive any instructions, but havoc could be caused by
the worm reaching out to the site. In Southwest Airlines's case, on
Friday 13 March, this could mean that customers may not be able to
check in online or even access the site."
Sophos has contacted the owners of the legitimate domains on
Conficker's list for March, including Southwest Airlines, and has
offered advice on how to reduce the impact of the unwanted traffic.
In the meantime, Microsoft continues to offer a US $250,000 reward
for information that leads to the capture and conviction of the
authors of the Conficker worm that continues to wreak havoc.
More information, including details of other legitimate websites
which could be impacted by Conficker during March, can be found on
the SophosLabs
blog.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.