The Conficker worm, also known as Downadup, is targeting the Web site of Southwest Airlines and could disrupt online flight check-in and other services on March 13 as a result, security firm Sophos warned on Monday.
Mike Wood of SophosLabs Canada did some digging and found that the millions of computers infected with Conficker are programmed to contact wnsux.com, which redirects visitors to the main Southwest.com site, on March 13 to get instructions. That would cause a denial of service, shutting the site down temporarily, he wrote in a blog entry.
The worm is targeting about 7,750 domains, of which Wood said he found that nearly 3,900 are active. But they only resolve to 42 unique IP addresses, he said. Only a handful of those IP addresses are involved in a covert operation of ISPs and others trying to thwart Conficker by pre-registering domains, Wood wrote.
Other sites and potential dates that could be affected by Conficker are music site jogli.com on March 8, Chinese women's network qhflh.com on March 18, and computer phonetics site praat.org on March 31, he said.
"Other, less frequented sites of interest that appeared in the list include 'The Tennesse Dogue De Bordeaux' dog breeders site (tnddb.com, March 14) and the coy 'Double Super Secret Message Board' site (dssmb.com, March 11)," Wood wrote.
Sophos has more information in a statement on its Web site.
The worm, which has been around since last year, spreads through a hole in Windows systems, exploiting a vulnerability that Microsoft patched in October. Conficker also spreads via removable storage devices like USB drives, and network shares by guessing passwords and usernames.