For those who have been fretting over the imminent appearance of the wily worm Conficker C next week, the Canadian Internet Registration Authority (CIRA) has been at work on a solution to keep .ca domains safe once the worm is unleashed upon the world, and thinks Canadian IT staffers and Internet pros should have nothing to worry about.
This two-stage worm was detected last fall. Its first stage involves infecting as many computers as possible, according to Byron Holland, president and CEO of CIRA. “From there, it will reach out to its host to receive its direction,” he said. “It’s one of the biggest bot-nets out there.”
After its discovery in autumn, experts worked through the code and found that the second phase would most likely deploy on April 1.
And right in the line of fire? The .ca domain, which is one of the 110 country-code domains targeted by the worm for corruption.
So far, experts don’t know what the exact intent of the worm is, said Holland, although it could range anywhere from spam to various forms of fraud or identity theft.
“Part of what Conficker does is register new domains that can become a host for driving the spread of infection,” said James Quin, senior research analyst with the Info-Tech Research Group. “This doesn’t present a threat to existing Web sites since those domains are already registered. The threat is that the worm could register new, currently unused domains.”
The thousands of endangered domain names will be taken out of circulation, said Holland.
The only real fallout is someone perhaps missing out on their preferred domain name, said Quin. “Should one of those domains turn out to be something an individual or business desires, that individual may feel impacted, but no more so than if the domain had previously been registered for legitimate purposes,” he said.
“Of the small number of registered domains, we are investigating them and validating them to make sure they are kosher,” Holland said. He could not confirm the number of possibly affected domains, citing security concerns.
“This will do two things: preserve the good name of the .ca domain (since no Conficker attacks will launch from .ca addresses), and limit the spread of Conficker by giving it fewer sources from which to work,” said Quin.
Holland recommends that IT managers running Windows systems keep their software up to date and apply the recently released Conficker security patch.