Slashdot Mirror

← Back to Stories (view on slashdot.org)

.CA Registrar Trying To Preempt Conficker

Posted by timothy on from the circling-the-wagons dept.

clover kicker writes "The CBC reports that the group managing Canada's .ca internet domain is working to foil an internet worm set to attack starting April Fool's Day. 'This is the first virus that's really focused on domain names as part of propagating the virus itself,' said Byron Holland, CEO of the Canadian Internet Registration Authority, a non-profit organization that represents those who hold a .ca domain. CIRA's strategy includes pre-emptively registering and isolating previously unregistered .ca domain names that Conficker C is expected to try and generate, said a news release issued by the group. That would make those names unavailable for anyone to register in order to set up a website to host the worm's 'command and control' file. A list of the names has been predicted by security experts based on the worm's code. In addition, CIRA is investigating and monitoring activity at names on the list that have already been registered and will 'take appropriate action if suspicious activity is detected.'"

3 of 227 comments (clear)

  1. Tactics? by nubsac · · Score: 4, Insightful
    It seizes to amaze me as to why they would make this public, 8 days before conficker is "supposed" to become active.

    It's like telling your enemy "Hey, I know where and when your going to strike"

    We know it's capable to updating itself, this just gives the author an 8 day head start on writing a new pseudo random URL generator.

  2. Re:ugh by Plutonite · · Score: 4, Insightful

    Look, we don't hate you for what you write - it may well be true. It just has nothing to do with this story, OK? It really is offtopic. In fact I agree with a lot of what you wrote (and disagree with some twisted facts too) but I think the moderators are right modding you down to hell, and maybe banning your IP range. You are annoying people. Annoyed people don't listen. Find a forum to discuss this in a sane way and people might listen.

  3. Seems like a futile attempt by billcopc · · Score: 4, Insightful

    It's cute that they're trying to preempt the worm, but to be effective they pretty much have to disable ALL potential domains. Miss one, and the worm will find it.

    What I don't get is how people can still be surprised/impressed/scared by these things. Today's viruses have little in common with their elegant, obfuscated ancestors. Any twit can assemble a "virus" by tapping into the OS' libraries. Today's worms are essentially package managers, so anything you can do with legitimate software like emailing, flashing your BIOS or opening ports on your firewall, a virus can do the same things. It simply has to talk to its software repository, pull down the pieces it needs and proceed with its dirty deeds.

    Hell, a tiny perl script could turn standard tools like Yum and Emerge into virus delivery agents. They already possess all the required functionality...

    --
    -Billco, Fnarg.com