Afilias Takes Action Against Conficker

March 31st, 2009 Rob Douglas

The Conficker worm was first discovered in October of 2008 and has infected millions of computers worldwide, turning them into nodes in a large and sophisticated botnet. Conficker nodes attempt to retrieve commands deposited on pre-determined domain names. Version B recently sought to exploit many known gTLDs. The C variant is now attempting to exploit ccTLDs. The C variant is expected to activate as early as April 1, 2009, although there is no indication that specific new botnet activity will occur on that date.

Afilias’ role has been to help deprive Conficker of its command-and-control network. For the TLDs that we support, we have deployed registration policies and processes that prevent the registration of domains that Conficker had targeted for possible use. The belief is that if we prevent the registration of these domains, we will deprive Conficker’s creators of Internet resources that they could potentially use to control and update their botnet. We have deployed this strategy across relevant TLDs immediately and have readied the same solution should our other customers be affected.

While the extent varies, Afilias has been able to work with our customers to identify the right blocking mechanisms for domains anticipated to be involved in Conficker. Jointly with our affected registry customers, we have taken all reasonable steps possible and expect that service for domain names in the TLDs we serve will not be affected by Conficker on April 1, or otherwise.

Afilias has already invested heavily in infrastructure as well as detection and mitigation capabilities to address domain abuse. One result of that investment was the .INFO Domain Anti-Abuse Policy, the first policy of its kind, introduced last year. We have been able to leverage this expertise to help secure our other customers with immediate and effective strategies to address future security events like Conficker.

Afilias is a member of the Conficker Working Group, which brings together TLD operators, industry leaders like Microsoft and ICANN, and security researchers to combat the Internet’s latest major security threat: the Conficker worm.
