Group launches strategy to block Conficker worm from .ca domain
Last Updated: Tuesday, March 24, 2009 | 3:50 PM ET
CBC News
The group that manages Canada's .ca internet domain is working to foil an internet worm set to attack starting April Fool's Day.
"We're going to do everything possible to make this extremely inhospitable terrain for any worm, this one in particular," said Byron Holland, CEO of the Canadian Internet Registration Authority, a non-profit organization that represents those who hold a .ca domain.
Holland added that the group is trying to protect .ca's reputation and trust as a secure and robust domain.
CIRA said Tuesday that it is taking a number of steps to stop the Conficker worm, also known as the Downandup worm, from using the .ca domain to perform malicious actions on behalf of those who control it.
The worm has been spreading through the internet since the fall, and a group of internet groups and businesses led by Microsoft has offered a $250,000 reward for information leading to the arrest of those responsible.
The latest variant of the worm, Conficker C, which was noticed in early March, is expected to launch its attack once the system date on an infected machine is on or after April 1, 2009.
At that time, copies of the malicious code on infected computers will try to generate and connect to 50,000 web URLs a day from 110 domains around the world, including .ca, while trying to reach a "command and control" domain for further instructions.
"They'll try to create a smoke screen of many, many thousands of domains that are being communicated to, among which that single or very small limited number of command and control domains will be hidden," Holland told CBCNews.ca Tuesday.
Infected computer joins 'botnet'
While CIRA has dealt with malicious code before while operating Canada's domain name system, this situation is unique, he added.
"This is the first virus that's really focused on domain names as part of propagating the virus itself."
Once it has its "command and control" instructions, the infected computer becomes part of a "botnet" of many infected computers that take orders from those who control them, and as such, it may gather personal information, install malicious programs on the computer, and attack or infect other computers.
CIRA's strategy includes pre-emptively registering and isolating previously unregistered .ca domain names that Conficker C is expected to try and generate, said a news release issued by the group.
That would make those names unavailable for anyone to register in order to set up a website to host the worm's "command and control" file. A list of the names has been predicted by security experts based on the worm's code.
In addition, CIRA is investigating and monitoring activity at names on the list that have already been registered and will "take appropriate action if suspicious activity is detected."
CIRA said computer security experts don't yet know what actions computers infected with Conficker C will be asked to perform, and may not until April 1.
"When it goes live, we will have a much clearer picture," Holland said.
Fraudulent anti-virus software
He added that the group has been working with internet security experts and registries around the world, some of whom are using similar strategies against the worm.
Conficker infects computers running various versions of Microsoft Windows, especially those that have not been patched with a security upgrade issued by Microsoft in October. The earlier variants, Conficker A and Conficker B, did not require any user intervention to spread.
According to CIRA, Conficker A attempted to download and install fraudulent antivirus software.
Conficker B generated a list of just 250 new internet domains to connect to every day, some of which may have hosted the worm's command and control file, but none of the domains were .ca names. The internet security company CA has reported that Conficker C may not trigger malware detection software on a user's computer because it has lost some of the spreading abilities found in previous versions.
It can shut down tools that are used to monitor for malware and that could potentially remove it from the system.
CIRA is urging computer users to protect themselves by installing up-to-date security patches and is providing further information on its website.

