CIRA Working to Counter Conficker C

March 26, 2009

The Canadian Internet Registration Authority, the non-profit organization responsible for operating the dot-ca Internet domain is taking prudent steps to counter possible misuse of the dot-ca domain by the Conficker C worm.

Conficker C is the latest variant of a malicious Internet software program that acts in two stages. The first stage has infected potentially millions of computers around the world and, beginning April 1, is expected to try to communicate with command codes placed on web sites by the worm’s authors.

In an effort to shield their activities from Internet security authorities, Conficker C’s authors have programmed their worm to randomly generate domain names from 110 country-code domains around the world, including dot-ca. CIRA has put in place a plan to counter this potential misuse of the dot-ca registry and to maintain its integrity as one of the most secure and robust domains in the world.

“A dot-ca domain name is valued and trusted as the best way for individuals, businesses and other organizations in Canada to connect with people, build their brand, reach markets and service customers,” said Byron Holland, president and CEO of CIRA. “In consultation with our international peers and Internet security authorities, we are taking prudent steps to counter attempts to abuse this trust.”

CIRA’s efforts include pre-emptively registering and isolating previously unregistered dot-ca domain names expected to be generated over the next 12 months by Conficker C. This move, which covers the vast majority of affected names during that period, will prevent registration of those domains by undesirable actors. In the small number of cases where the domain name has already been registered, CIRA will actively investigate and monitor activities at those domains and take appropriate action if suspicious activity is detected. For security reasons, CIRA was not willing to provide further details.