[ISN] Downadup worm may hammer Southwest Airlines URL March 13

From: InfoSec News <alerts_at_private>
Date: Mon, 2 Mar 2009 01:08:04 -0600 (CST)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9128778

By Gregg Keizer
March 1, 2009 
Computerworld

Computers infected by the Downadup worm will "phone home" to several 
legitimate URLs this month, including one owned by Southwest Airlines, 
potentially disrupting those sites, a security researcher said Sunday.

According to a researcher at Sophos Plc., the Downadup worm -- also 
known as Conficker -- will try to contact wnsux.com on March 13 for 
further instructions. That URL, however, is owned by Southwest Airlines, 
and redirects visitors to the airline's primary southwest.com address.

"On March 13, the millions of machines infected with Conficker will be 
contacting wnsux.com for further instructions," said a Sophos researcher 
identified as MikeW in an entry on the company's blog. "They won't get 
any [instructions], but that may certainly disrupt the operation of 
southwest.com."

Once it has infected a PC, Downadup generates a list of 250 possible 
domains -- the list changes daily -- selects one, then uses that URL to 
reach a hacker-controlled server from which it downloads additional 
malware to install on the hijacked computer. The wnsux.com address is 
one of the 7,750 domains that the worm may use during March, said MikeW.

[...]


Received on Sun Mar 01 2009 - 23:08:04 PST
