Conficker targeting of Southwest Airlines a red herring
The Conficker virus threatened to overload Southwest Airline’s Web site next Friday according to security experts. The reports appear on the surface to answer the long-running question of what damage the virus will actually do, but that may not be the case.
Sophos warns that the virus appears set to launch a denial of service attack on a variety of Web sites next week (Friday 13th of all dates). This would involve infected machines sending bogus requests to the sites until they are unable to cope with the traffic.
The affected sites would include wnsux.com, which redirects to southwest.com. That could have meant the site went down, disrupting online bookings and other queries. Other sites at risk included music site jogli.com and a site for female users in Qinghair, China.
The good news is that the warning allowed Southwest to temporarily disable wnsux.com, staving off the threat. The bad news is that the incident may just be a fluke occurrence and the real damage is yet to come.
It looks as if the people behind the virus were not intentionally targeting Southwest Airlines. Instead, it’s merely caught up in the way the virus operates: it uses randomly selected Web site addresses for infected computers to contact for random instructions. Security experts have already acknowledged it may be impractical to try to figure out the process used to create these addresses and buy up the domains before the virus creators can get to them.
Given that all the Web sites under threat had five letter domain names, it looks suspiciously as if the virus creators simply stumbled across legitimate addresses while creating the 7,500 or so random addresses to use this month.
That means there’s still no clear sign of what havoc the creators actually intend to unload with the network of infected machines – making Microsoft’s $250,000 efforts to find the creators increasingly urgent.
Related Posts:
