A computer worm known as Conficker has been exploiting a vulnerability in the Windows operating system on a massive scale for the last several months. Millions of computers have likely become infected to date worldwide.
The Conficker worm is unique in that it uses large numbers of domain names to contact its ‘master’ computer in order to collect malicious instructions to then carry out.
Enabled on April 1, 2009, the latest variant of the Conficker worm appears to have the capacity to use hundreds of thousands of domain names (with any of 110 or more different extensions, including .fr) in this manner without the possibility of determining in advance which ones will serve for obtaining the instructions.
In practical terms:
DNS servers acting as authorities for existing domain names targeted by Conficker are therefore likely to receive unusual volumes of DNS requests ;
Some operators may also take certain precautionary measures to prevent resolution of these domain names into IP addresses.
As a result, access to services associated with these domain names (Web sites, e-mail servers, etc.) could slow dramatically or become temporarily unavailable.
Limiting the impact of the worm
AFNIC is working closely with the DCSSI and on an ongoing basis with its counterpart organisations (under the auspices of CENTR, an association of European registries) as well as with CERT and the Conficker Working Group.
It has implemented tools to enable monitoring for request traffic converging on domain names at risk as well as close surveillance of domain name registration when the names appear on the list generated by Conficker.
For additional information on the response measures proposed, please consult the following sites:
Conficker Working Group: www.confickerworkinggroup.org
Le portail de la sécurité informatique: www.securite-informatique.gouv.fr
This French government site provides essential information on applying the available patch and controlling computer infections as required.
(Association Française pour le Nommage Internet en Coopération )
Non-profit organization, AFNIC is in charge of the administrative and technical management of the .fr (France) and .re (Reunion Island) Internet domain names.
AFNIC brings together public and private members: representatives from the French government, Internet users and Internet Service Providers (Registrars).
Afnic is the acronym for Association Française pour le Nommage Internet en Coopération, the French Network Information Centre. The registry has been appointed by the French government to manage domain names under the .fr Top Level Domain. Afnic also manages the .re (Reunion Island), .pm (Saint-Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) French Overseas TLDs.
In addition to managing French TLDs, Afnic’s role is part of a wider public interest mission, which is to contribute on a daily basis, thanks to the efforts of its teams and its members, to a secure and stable internet, open to innovation and in which the French internet community plays a leading role. As part of that mission, Afnic, a non-profit organization, donates 90% of its profits to its Foundation for Digital Solidarity. Afnic is also the back-end registry for the companies as well as local and regional authorities that have chosen to have their own TLD, such as .paris, .bzh, .alsace, .corsica, .mma, .ovh, .leclerc and .sncf.
Established in 1997 and based in Saint-Quentin-en-Yvelines, Afnic currently has 80 employees.