Slashdot Mirror

← Back to Stories (view on slashdot.org)

.CA Registrar Trying To Preempt Conficker

Posted by timothy on from the circling-the-wagons dept.

clover kicker writes "The CBC reports that the group managing Canada's .ca internet domain is working to foil an internet worm set to attack starting April Fool's Day. 'This is the first virus that's really focused on domain names as part of propagating the virus itself,' said Byron Holland, CEO of the Canadian Internet Registration Authority, a non-profit organization that represents those who hold a .ca domain. CIRA's strategy includes pre-emptively registering and isolating previously unregistered .ca domain names that Conficker C is expected to try and generate, said a news release issued by the group. That would make those names unavailable for anyone to register in order to set up a website to host the worm's 'command and control' file. A list of the names has been predicted by security experts based on the worm's code. In addition, CIRA is investigating and monitoring activity at names on the list that have already been registered and will 'take appropriate action if suspicious activity is detected.'"

3 of 227 comments (clear)

  1. Hrm by Niris · · Score: 5, Interesting

    Am I the only one hoping this thing turns out HUGE? It'd be interesting to see what happens.

    1. Re:Hrm by toonces33 · · Score: 5, Interesting

      Yeah, until we get the phone call from someone who needs help disinfecting a Windows machine. Then it isn't quite as entertaining. I am of the opinion that the internet is dying, precisely because of stuff like this. It just gets worse and worse every year, bandwidth requirements for spam and other garbage keep climbing, and nobody has a plan for how to shut these things down once and for all.

  2. Re:Tactics? by grcumb · · Score: 3, Interesting

    It seizes to amaze me as to why they would make this public, 8 days before conficker is "supposed" to become active.

    It's like telling your enemy "Hey, I know where and when your going to strike"

    We know it's capable to updating itself, this just gives the author an 8 day head start on writing a new pseudo random URL generator.

    Others have already answered to the effect that publicly coordinating actions doesn't significantly raise the exposure in this particular case.

    But going beyond that, are you sure that they're not manoeuvring in the face of the enemy, trying to elicit a response? Once you've got a subject under observation, sometimes the best way to learn its true nature is to poke it and see what it does.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.