http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9128778 By Gregg Keizer March 1, 2009 Computerworld Computers infected by the Downadup worm will "phone home" to several legitimate URLs this month, including one owned by Southwest Airlines, potentially disrupting those sites, a security researcher said Sunday. According to a researcher at Sophos Plc., the Downadup worm -- also known as Conficker -- will try to contact wnsux.com on March 13 for further instructions. That URL, however, is owned by Southwest Airlines, and redirects visitors to the airline's primary southwest.com address. "On March 13, the millions of machines infected with Conficker will be contacting wnsux.com for further instructions," said a Sophos researcher identified as MikeW in an entry on the company's blog. "They won't get any [instructions], but that may certainly disrupt the operation of southwest.com." Once it has infected a PC, Downadup generates a list of 250 possible domains -- the list changes daily -- selects one, then uses that URL to reach a hacker-controlled server from which it downloads additional malware to install on the hijacked computer. The wnsux.com address is one of the 7,750 domains that the worm may use during March, said MikeW. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Sun Mar 01 2009 - 23:08:04 PST
This archive was generated by hypermail 2.2.0 : Sun Mar 01 2009 - 23:13:43 PST