These domains may be affected by the worm itself or by the steps network administrators have taken to protect their PCs, said MikeW. "Those millions of Conficker infected machines contacting the domain on its given day may overload the site and essentially result in a denial-of-service attack," he said. According to F-Secure, at least 2.1 million PCs are currently infected with the Downadup worm. "[Or] they may end up on a blocklist [that would] prevent users from accessing their services." Microsoft, for example, has posted a list of Downadup's routing domains that IT administrators can use to block outbound "calls" from infected PCs.
MikeW said Sophos had contacted the owners of the domains on March's list, including Southwest. Currently, wnsux.com -- which Southwest Airlines apparently acquired to stymie negative publicity -- shunts users to Southwest Airlines' site and offers a message that reads in part, "Southwest wants to control the release of inaccurate and irresponsible information about the Company via the Internet."
Downadup first gained attention for exploiting a Windows vulnerability that Microsoft patched last October in one of its rare emergency updates. The worm has spread extensively since earlier this year, when a new variant appeared and quickly compromised as many as 9 million PCs within days.
Microsoft has also offered a $250,000 reward for information that results in the arrest and conviction of the hackers who created and launched Downadup, a move it last used in 2004.
Southwest Airlines was not immediately available for comment.
Computerworld is an InfoWorld affiliate.