Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The website for Southwest Airlines, along with a number of other legitimate sites, could face downtime due to the Conficker worm, according to a researcher.Some 10 million computers worldwide have been infected by Conficker (a.k.a Downadup) and joined into a botnet. Each zombie machine is programmed to check in with approximately 250 URLs each day for more instructions, although there have yet to be any.A few of these domains -- including a site that redirects to the official website of Southwest Airlines -- actually are legitimate web destinations, researcher Mike Wood wrote in a post on the SophosLabs blog. That means that certain URLs could be overwhelmed by queries. In the case of Southwest, the compromised machines were set to contact the site on March 13.Sophos has contacted the owners of the legitimate domains, and as of Monday the Southwest Airlines site was unavailable. Microsoft is leading a coalition to disarm the pernicious worm, using reverse-engineered code that enables researchers to register the generated domain names before the bot herders can. But legitimate domains that correspond to the call-home lists Conficker generates have two major problems, Wood said.“First, without proper investigation, they may end up on a blocklist and prevent users from accessing their services," he said. "Second, those millions of Conficker-infected machines contacting the domain on its given day may overload the site and essentially result in a denial-of-service attack.”Unless the worm is defeated, its menace could continue for a long time, Graham Cluley, senior technology consultant at Sophos, told SCMagazineUS.com. “Conficker will continue to carry on and create domain names in its effort to find instructions on what to do next,” he said. “Right now it's running like a robot with no instructions – it's waiting for new commands. It's desperate for them, but none have been given to it yet.”The worm generates a target list by looking at the current date and time and running a "deterministic domain generation" algorithm that works out a random name. The zombie machines look for instructions each day and even if there are no instructions on a given site, it still gets heavy traffic -- relatively few sites can handles 10 millions hits per day.“In the old days, worms would only query a single site for instructions,” Cluley said. “That makes it easy for the authorities to shut down the site. With Conficker, there is a new list of names every day.” See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.