A computer worm known as Conficker has been exploiting a vulnerability in the Windows operating system on a massive scale for the last several months. Millions of computers have likely become infected to date worldwide.
The Conficker worm is unique in that it uses large numbers of domain names to contact its ‘master’ computer and collect malicious instructions, which it then carries out.
Enabled on April 1, 2009, the latest variant of the Conficker worm appears to have the capacity to use hundreds of thousands of domain names (with any of 110 or more different extensions, including .fr) in this manner without the possibility of determining in advance which ones will serve for obtaining the instructions.
In practical terms:
DNS servers that are authoritative for existing domain names targeted by Conficker are therefore likely to receive unusual volumes of DNS requests;
Some operators may also take certain precautionary measures to prevent resolution of these domain names into IP addresses.
As a result, access to services associated with these domain names (Web sites, e-mail servers, etc.) could slow dramatically or become temporarily unavailable.
Limiting the impact of the worm
AFNIC is working closely with the DCSSI and on an ongoing basis with its counterpart organisations (under the auspices of CENTR, an association of European registries) as well as with CERT and the Conficker Working Group.
It has implemented tools to enable monitoring for request traffic converging on domain names at risk as well as close surveillance of domain name registration when the names appear on the list generated by Conficker.
For additional information on the response measures proposed, please consult the following sites:
Conficker Working Group: www.confickerworkinggroup.org
Le portail de la sécurité informatique: www.securite-informatique.gouv.fr
This French government site provides essential information on applying the available patch and controlling computer infections as required.
(Association Française pour le Nommage Internet en Coopération)
A non-profit organization, AFNIC is in charge of the administrative and technical management of the .fr (France) and .re (Reunion Island) Internet domain names.
AFNIC brings together public and private members: representatives from the French government, Internet users and Internet Service Providers (Registrars).