Conficker Time Bomb Targets Southwest Airlines, Others This March
Sophos Security is warning that the Conficker/Downadup worm ("Conficker worm") is targeting multiple domains -- including Southwest airlines -- that could end up causing Denial of Service (DoS) attacks and temporary disruptions.
The Conficker worm has been kicking around since last year and usually spreads via a) removable storage devices such as USB drives and b) network sharing. It exploits a Windows vulnerability that was patched by Microsoft last year.
According to a blog entry by Mike Wood of SophosLabs Canada, those computers infected with the Conficker worm are programmed to contact wnsux.com, which will redirect visitors to the main Southwest.com site on March 13. (Source: sophos.com)
Conficker and Southwest: Why Tango?
The problem with a legitimate site like Southwest.com making it onto Conficker's radar? Wood gives two reasons: without proper investigation, Southwest may end up on a blocklist, and users will be prevented from accessing their services. In addition, millions of infected machines contacting the domain on the 13th may overload the site and shut it down. (Source: cnet.com)
Wood says the worm is targeting about 7,750 domains of which nearly 3,900 are active, but only resolve to 42 unique IP addresses. Of those, only 28 are involved in a covert operation of ISPs and others trying to thwart Conficker/Downadup by pre-registering domains. The vast majority of those 28 domains are currently up for sale.
Key Sites Targeted By Conficker/Downadup
Key sites listed by Wood whose visitors may see a disruption in service include:
- jogli.com -- Big Web Great Music -- March 8
- wnsux.com -- Southwest Airlines -- March 13
- qhflh.com -- Women's Net in Qinghai Province -- March 18
- praat.org -- Doing phonetics by computer -- March 31
Other less frequented sites of interest that appeared on the list include 'The Tennesse Dogue De Bordeaux' dog breeders site (tnddb.com -- March 14) and the 'Double Super Secret Message Board' site (dssmb.com -- March 11). (Source: sophos.com)
Wood contacted the owners of the domains to draw their attention to the problem, and thankfully Southwest Airlines has already taken action to prevent the attacks. Solutions for network administrators to combat the problem were offered in the post by Wood from SophosLabs Canada.
If you haven't done so already, make sure you apply the patch from Microsoft to prevent your computer from being exploited. See "Cleaning Systems of Conficker" at the bottom of the page.
Visit Bill's Links and More for more great tips, just like this one!
Infopackets Top Windows 10 FAQs
How to Upgrade from Windows 10 32-bit to 64-bit
How to Fix: Windows 10 Antivirus Missing, Not Compatible
How to Fix: Windows 10 Display Shifted; Screen Fuzzy
How to Upgrade Windows 7, 8 32-bit to Windows 10 64-bit
to Downgrade from Windows 10
- How to Fix: Windows 10 Upgrade Failed Error C1900208
- How to Fix: Windows 10 Upgrade Failed Error 80240020
- Can I Cancel my Windows 10 Reservation and Reserve Later?
- How to Clean Install Windows 10 using Windows 7, 8 License
- Will Windows 10 Install Automatically?
- Windows 10 Upgrade: Do I have to Reinstall Programs?
- Windows 10 Upgrade: Can I choose 32-bit or 64-bit?
- Which Version of Windows 10 Will I Get (Home or Pro)?
- How to Reserve Windows 10 Upgrade (Free)
- How to Fix: CPU Not Compatible with Windows 10 Error
- Windows 10 Upgrade: Can I keep my Old Windows Install?
- How to Cancel Windows 10 Reservation (Properly)
- Download Windows 10 .ISO (DVD) for Clean Install?
- Microsoft: Windows 10 Will Be The Last Version
- Does Windows 10 require the CPU to support PAE?
- Windows 10: Can I Upgrade or do I need a Clean Install?
Click here for more Windows 10 articles.