Is it a hoax or is this threat for real?  The Canadian Internet Registration Authority (CIRA) is not taking this lightly.

The Canadian Internet Registration Authority, the non-profit organization responsible for operating the dot-ca Internet domain, today announced it is taking prudent steps to counter possible misuse of the dot-ca domain by the Conficker C worm.

Conficker C is the latest variant of a malicious Internet software program that acts in two stages. The first stage has infected potentially millions of computers around the world and, beginning April 1, is expected to try to communicate with command codes placed on web sites by the worm’s authors.

This potential virus will be like one we have not seen before.

In an effort to shield their activities from Internet security authorities, Conficker C’s authors have programmed their worm to randomly generate domain names from 110 country-code domains around the world, including dot-ca. CIRA has put in place a plan to counter this potential misuse of the dot-ca registry and to maintain its integrity as one of the most secure and robust domains in the world.

With knowledge CIRA has gained about this virus they are taking the necessary steps to try and protect the targetted .CA domain names that may be part of this attack.  Domains that CIRA has identified as potential targets are now being placed on a “restricted” list of domain names that cannot be registered by anyone.  This is an attempt to limit the impact that an attack of this nature can have on Canadian domain names and domain name owners.

Conficker C expected to activate April 1
In early March, a third variant, Conficker C, appeared. Whereas Conficker B generated a daily list of 250 new domains to connect to in search of a command and control file, this latest variant will begin on April 1 generating a daily list of 50,000 country-code domains in which these files could be hidden. These names are drawn from 110 country-code domains, including the Canadian extension dot-ca.

If you attempt to register a seamingly ‘available’ .CA domain name only to find out shortly afterwards that the regsitration has been rejected by CIRA, you are witnessing CIRA’s damage control in action.  This is being done in an effort to reduce the number of .CA domain names that may be affected if this virus takes shape.

If you have any questions about this or would like some clarification drop us a line in the comments or contact our Support department from your Netfirms Control Panel.