Conficker worm targets Southwest Airlines site

If you are flying Southwest Airlines on March 13, you might want have trouble doing online check-in as the site is being targeted by the Conficker worm, security expert says.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

The Conficker worm, also known as Downadup, is targeting the Web site of Southwest Airlines and could disrupt online flight check-in and other services on March 13 as a result, security firm Sophos warned on Monday.

Mike Wood of SophosLabs Canada did some digging and found that the millions of computers infected with Conficker are programmed to contact wnsux.com, which redirects visitors to the main Southwest.com site, on March 13 to get instructions. That would cause a denial of service, shutting the site down temporarily, he wrote in a blog entry.

The worm is targeting about 7,750 domains, of which Wood said he found that nearly 3,900 are active. But they only resolve to 42 unique IP addresses, he said. Only a handful of those IP addresses are involved in a covert operation of ISPs and others trying to thwart Conficker by pre-registering domains, Wood wrote.

Other sites and potential dates that could be affected by Conficker are music site jogli.com on March 8, Chinese women's network qhflh.com on March 18, and computer phonetics site praat.org on March 31, he said.

"Other, less frequented sites of interest that appeared in the list include 'The Tennesse Dogue De Bordeaux' dog breeders site (tnddb.com, March 14) and the coy 'Double Super Secret Message Board' site (dssmb.com, March 11)," Wood wrote.

Sophos has more information in a statement on its Web site.

The worm, which has been around since last year, spreads through a hole in Windows systems, exploiting a vulnerability that Microsoft patched in October. Conficker also spreads via removable storage devices like USB drives, and network shares by guessing passwords and usernames.