Legitimate websites to feel Conficker worm’s impact

Sophos is warning computer users and website administrators to be vigilant this month as the Conficker worm is predicted to hit several legitimate sites, including Texan airline Southwest Airlines, potentially disrupting the service and leading websites to be effectively DDoSed in the process.

Experts at SophosLabs discovered that the Conficker worm – also known as ‘Downadup’ – will try to contact wnsux.com on Friday March 13 for further instructions. This URL, owned by Southwest Airlines, redirects visitors to the airline’s primary southwest.com address, meaning that the company’s operations may be compromised as the attack takes place.

Sophos has contacted the owners of the legitimate domains on Conficker’s list for March, including Southwest Airlines, and has offered advice on how to reduce the impact of the unwanted traffic. In the meantime, Microsoft continues to offer a USD 250,000 reward for information that leads to the capture and conviction of the authors of the Conficker worm that continues to wreak havoc.

Graham Cluley, senior technology consultant at Sophos explains:

Every day each computer infected by Conficker visits different websites, trying to see if orders have been left by its hacker overlords. The worm generates a long list of different website names which it uses to check in its hunt for instructions – meaning that the authorities can’t shut down a single site to stop the worm from activating its payload. The hackers’ plan is to use a domain name that they know Conficker will query on a certain day, enabling them to plant instructions for the botnet – which might send spam or launch other malicious attacks.