Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Conficker disruption predicted for March

Sophos : 03 March, 2009  (Technical Article)
Sophos predicts further disruption from the conficker worm with distributed denial of service attacks aimed at Southwest Airlines
IT security and control company Sophos is warning computer users and website administrators to be vigilant this month as the Conficker worm is predicted to hit several legitimate sites, including Texan airline Southwest Airlines, potentially disrupting the service and leading websites to be effectively DDoSed in the process.

Experts at SophosLabs discovered that the Conficker worm - also known as 'Downadup' - will try to contact wnsux.com on Friday March 13 for further instructions. This URL, owned by Southwest Airlines, redirects visitors to the airline's primary southwest.com address, meaning that the company's operations may be compromised as the attack takes place.

'Every day each computer infected by Conficker visits different websites, trying to see if orders have been left by its hacker overlords. The worm generates a long list of different website names which it uses to check in its hunt for instructions - meaning that the authorities can't shut down a single site to stop the worm from activating its payload,' explained Graham Cluley, senior technology consultant at Sophos. 'The hackers' plan is to use a domain name that they know Conficker will query on a certain day, enabling them to plant instructions for the Botnet - which might send spam or launch other malicious attacks.'

'However, some of these domain names that Conficker-infected computers are scheduled to visit are already owned by legitimate organisations - like Southwest Airlines - meaning that on a given day these sites will be bombarded by traffic as an army of computers try to visit their site for commands,' continued Cluley. 'They won't receive any instructions, but havoc could be caused by the worm reaching out to the site. In Southwest Airlines's case, on Friday 13 March, this could mean that customers may not be able to check in online or even access the site.'

Sophos has contacted the owners of the legitimate domains on Conficker's list for March, including Southwest Airlines, and has offered advice on how to reduce the impact of the unwanted traffic. In the meantime, Microsoft continues to offer a USD 250,000 reward for information that leads to the capture and conviction of the authors of the Conficker worm that continues to wreak havoc.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo