
Monday, 02 March 2009 07:21

Conficker may bring commercial web sites to their knees

By Stephen Withers

One of the most notorious pieces of recent malware is set to cause collateral damage to commercial web sites.

It's common for malware to connect to a control server to get fresh instructions. That might be as simple as a new template for a spam campaign, or to collect fresh code.

But what if the server gets taken down, as happened to McColo?

One trick is to arrange for the malware to look to a different domain if it is unable to contact its controller for a certain period.

If those backup domain names were hardcoded, it would be all too easy to block them, or have them taken down before any harm could be done.

So a bright spark came up with the idea of algorithmically-generated domain names. The domains could be registered just in time, and security specialists would be kept on the hop.

You could even arrange for the malware to 'phone home' to a different domain each day. And that's what Conficker does.

Well, the theory is that this would present a challenge to the anti-malware forces.

In practice, security researchers are able to analyse this function as easily as any other. And a coalition of ISPs and other players has been registering the domains Conficker will try to use before the worm's backers can get hold of them.

But Sophos has determined that a small number of the 7750 domain names that Conficker will try to use during March correspond to real and active web sites.

That's the problem with generating semi-random strings: every now and then you'll get a real word, a set of initials, or a made-up name.
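To make the mechanism concrete, here is an added illustration that is not Conficker's actual algorithm and not code from Sophos or iTWire: a toy date-seeded domain generator, plus the check a defender would run to find which of a day's candidate domains already belong to legitimate sites (the collateral-DDoS risk the article describes). The list of registered domains is constructed for the example.

```python
"""Toy date-seeded domain generation algorithm (DGA) and a defender-side
collision check. Constructed example; NOT Conficker's real algorithm."""
import datetime
import hashlib
import string

LETTERS = string.ascii_lowercase


def generate_domains(day: datetime.date, count: int = 5, tld: str = ".com") -> list:
    """Return `count` pseudo-random domains for `day`.

    The same day always yields the same list. That determinism is what lets
    both the worm and the defenders compute tomorrow's domains today, so the
    coalition can register (sinkhole) them before the malware's operators do.
    """
    domains = []
    for i in range(count):
        # hypothetical seeding scheme: hash of ISO date plus index
        digest = hashlib.sha256(f"{day.isoformat()}/{i}".encode()).digest()
        length = 5 + digest[0] % 4          # 5..8 letters
        name = "".join(LETTERS[b % 26] for b in digest[1:1 + length])
        domains.append(name + tld)
    return domains


def find_collisions(generated: list, registered: list) -> list:
    """Generated domains that are already real, active sites.

    Each hit is a site that will receive the worm's lookups and HTTP requests
    on that day whether or not it has anything to do with the botnet.
    """
    live = {d.lower() for d in registered}
    return sorted(d for d in generated if d.lower() in live)


def month_collisions(registered: list, year: int = 2009, month: int = 3,
                     per_day: int = 5) -> dict:
    """Map each day of the month to its colliding domains (days with none omitted)."""
    hits = {}
    day = datetime.date(year, month, 1)
    while day.month == month:
        found = find_collisions(generate_domains(day, per_day), registered)
        if found:
            hits[day.isoformat()] = found
        day += datetime.timedelta(days=1)
    return hits


if __name__ == "__main__":
    # Constructed registry: two names from the article plus one of today's candidates.
    sample_day = datetime.date(2009, 3, 8)
    registry = ["wnsux.com", "jogli.com"] + generate_domains(sample_day)[:1]
    print(month_collisions(registry))
```

Running the module prints the one constructed collision, keyed by date; swapping in a real zone file or allowlist for `registry` turns this into the planning check a registrar coalition would need.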

Which companies are likely to suffer a Conficker collateral DDoS attack this month? See page 2.


On March 8, Conficker will try to access wnsux.com. WN is the IATA code for Southwest Airlines. The airline presumably acquired the domain to prevent its use by someone with a grudge against the company ("WN Sucks").

The problem is that wnsux.com currently redirects to a page on Southwest's main site, and Sophos predicts that "millions of machines infected with Conficker will be contacting wnsux.com for further instructions."

That could potentially cause an effective - if accidental - distributed denial of service (DDoS) attack.

It should be easy for Southwest to turn wnsux.com into a black hole for one day. But that's not really an option for other organisations that actively use domain names Conficker is about to collide with.

They include Discover Media Group's jogli.com, and a dog breeder's site at tnddb.com.

As Sophos points out, filtering out Conficker traffic before it reaches the servers is not an especially simple task, and will require a proxy with sufficient speed and bandwidth to cope with the load. It also requires that the site doesn't already use search URLs that are similar to Conficker's.

All this is just another sign - as if we needed reminding - that the people behind malware just don't care about the effect they have on the rest of us.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
