Peaches Posted March 2, 2009 Report Share Posted March 2, 2009 1 March 2009, 08:02 Conficker to disrupt legitimate domains in March The Conficker worm will be disrupting at least four legitimate domains in March according to a report from Sophos. Although the action taken last month by ICANN, Microsoft and many others to stop Conficker calling home is blocking domains that were unregistered, there are a number of legitimate domains who will, for one day at least, be called "home" by the worm. On those days, all the instances of the worm in the wild will attempt to connect to these domains, looking for new instructions or code, which could result in a denial of service for the owners and users of the legitimate sites. On March 8th, jogli.com (Big Web Great Music), will be called "home" by Conficker, followed by wnsux.com (Southwest Airlines) on the 13th, qhflh.com (Women's Net in Qinghai Province) on the 18th and praat.org (Praat: doing phonetics by computer) on the 31st. The Sophos report notes that other less frequented domains are also in Conficker's path. The report suggests that sites which are on the list look at either not resolving their domain name on the date or filtering the HTTP query that Conficker uses (http://<domainname>/search?q=<N>). The former option requires the site already has an alternative domain name in place, so Southwest Airlines could just use southwest.com. The latter option only works if the sites do not already have a search page mapped to /search and have a filtering mechanism which could take the expected load. Heise security - http://www.h-online.com/security/Conficker...h--/news/112747 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.