Information Security News mailing list archives
Downadup worm may hammer Southwest Airlines URL March 13
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 2 Mar 2009 01:08:04 -0600 (CST)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9128778 By Gregg Keizer March 1, 2009 Computerworld Computers infected by the Downadup worm will "phone home" to several legitimate URLs this month, including one owned by Southwest Airlines, potentially disrupting those sites, a security researcher said Sunday. According to a researcher at Sophos Plc., the Downadup worm -- also known as Conficker -- will try to contact wnsux.com on March 13 for further instructions. That URL, however, is owned by Southwest Airlines, and redirects visitors to the airline's primary southwest.com address. "On March 13, the millions of machines infected with Conficker will be contacting wnsux.com for further instructions," said a Sophos researcher identified as MikeW in an entry on the company's blog. "They won't get any [instructions], but that may certainly disrupt the operation of southwest.com." Once it has infected a PC, Downadup generates a list of 250 possible domains -- the list changes daily -- selects one, then uses that URL to reach a hacker-controlled server from which it downloads additional malware to install on the hijacked computer. The wnsux.com address is one of the 7,750 domains that the worm may use during March, said MikeW. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/
Current thread:
- Downadup worm may hammer Southwest Airlines URL March 13 InfoSec News (Mar 01)