Group warns new Internet worm set to attack April 1


By Steve Rennie, The Canadian Press

OTTAWA - A malicious cyber worm could wreak havoc on millions of potentially infected computers April 1 - or it could all be one big April Fool’s joke.

But the Canadian Internet Registration Authority isn’t taking any chances when it comes to the latest variant of the Conficker worm.

CIRA, which manages Canada’s dot-ca (.ca) domain name registry, warned Tuesday that millions of computers running Microsoft’s operating system may have been infected since the worm began spreading last fall.

Beginning April 1, the worm is expected to force infected computers to randomly generate and connect to 50,000 web URLs a day from 110 domains around the world, including dot-ca domains.

A secret “command-and-control” file instructing the worm to perform malicious actions could be hidden on any one of those URLs.

“This command-and-control computer that all of the infected computers are going to try to reach out to is hosted under a particular domain name,” said Byron Holland, CIRA’s president and CEO.

“This worm is quite smart, so what it does (is) it creates a smokescreen by generating a random list of many tens of thousands of domain names, among which the single domain name is associated with the command-and-control computer.”

It’s not known what - if anything - the worm’s creators have in mind. They might overwhelm the Internet with spam, monitor keyboard strokes to collect passwords and banking information or delete files on a person’s computer.

“Once a virus has control of an individual computer, it can effectively see what’s happening in, or happening to, that computer,” Holland said.

“At this point, we really don’t know what the actual intent of this one is.”

CIRA worked with security experts around the globe to “reverse engineer” the worm so they could find out which sites it will generate, Holland said.

As a preventative measure, the authority has now blocked 157,000 unregistered dot-ca domains expected to be generated by the worm, he added.

Microsoft released a patch in October to stop the worm from spreading. But newer variants are more sophisticated than the original worm and have continued to infect computers.

This latest variant of the worm, Conficker C, was identified in early March. An earlier variant, Conficker B, worked like this latest variant except that it generated a list of only 250 to connect to every day.

A cabal of Internet groups and companies, led by Microsoft, is offering $250,000 for information leading to the arrest and conviction of those responsible for the worm.

Roughly 1.2 million dot-ca domains are registered with CIRA.

I’ve already fixed mine,  here is the link…

OMG we’re all going to DIE!!!
Thank God I can’t do anything on my Mac. Missing all the fun!  :sunglasses:

Same here, linux, So Herbie, see you  here tomorrow. assuming there is still an Internet.

april fools prank or no?