Stephen Withers
Monday, 02 March 2009 06:21
On March 8, Conficker will try to access wnsux.com. WN is the IATA code for Southwest Airlines. The airline presumably acquired the domain to prevent its use by someone with a grudge against the company ("WN Sucks").
The problem is that wnsux.com currently redirects to a page on Southwest's main site, and Sophos predicts that "millions of machines infected with Conficker will be contacting wnsux.com for further instructions."
That could cause an effective - if accidental - distributed denial of service (DDoS) attack.
It should be easy for Southwest to turn wnsux.com into a black hole for one day. But that's not really an option for other organisations that actively use domain names Conficker is about to collide with.
They include Discover Media Group's jogli.com, and a dog breeder's site at tnddb.com.
As Sophos points out, filtering out Conficker traffic before it reaches the servers is not an especially simple task, and will require a proxy with sufficient speed and bandwidth to cope with the load. It also requires that the site doesn't already use search URLs that are similar to Conficker's.
All this is just another sign - as if we needed reminding - that the people behind malware just don't care about the effect they have on the rest of us.