By Steve Rennie, The Canadian Press
OTTAWA - A malicious cyber worm could wreak havoc on millions of potentially infected computers April 1 - or it could all be one big April Foolâs joke.
But the Canadian Internet Registration Authority isnât taking any chances when it comes to the latest variant of the Conficker worm.
CIRA, which manages Canadaâs dot-ca (.ca) domain name registry, warned Tuesday that millions of computers running Microsoftâs operating system may have been infected since the worm began spreading last fall.
Beginning April 1, the worm is expected to force infected computers to randomly generate and connect to 50,000 web URLs a day from 110 domains around the world, including dot-ca domains.
A secret âcommand-and-controlâ file instructing the worm to perform malicious actions could be hidden on any one of those URLs.
âThis command-and-control computer that all of the infected computers are going to try to reach out to is hosted under a particular domain name,â said Byron Holland, CIRAâs president and CEO.
âThis worm is quite smart, so what it does (is) it creates a smokescreen by generating a random list of many tens of thousands of domain names, among which the single domain name is associated with the command-and-control computer.â
Itâs not known what - if anything - the wormâs creators have in mind. They might overwhelm the Internet with spam, monitor keyboard strokes to collect passwords and banking information or delete files on a personâs computer.
âOnce a virus has control of an individual computer, it can effectively see whatâs happening in, or happening to, that computer,â Holland said.
âAt this point, we really donât know what the actual intent of this one is.â
CIRA worked with security experts around the globe to âreverse engineerâ the worm so they could find out which sites it will generate, Holland said.
As a preventative measure, the authority has now blocked 157,000 unregistered dot-ca domains expected to be generated by the worm, he added.
Microsoft released a patch in October to stop the worm from spreading. But newer variants are more sophisticated than the original worm and have continued to infect computers.
This latest variant of the worm, Conficker C, was identified in early March. An earlier variant, Conficker B, worked like this latest variant except that it generated a list of only 250 to connect to every day.
A cabal of Internet groups and companies, led by Microsoft, is offering $250,000 for information leading to the arrest and conviction of those responsible for the worm.
Roughly 1.2 million dot-ca domains are registered with CIRA.
