OpenDNS Protects Against The Conficker Worm

Yesterday we offered up a guide to protecting your Windows PC from the Conficker worm, set to perhaps start doing something this week. Free net service OpenDNS is another option for anyone concerned about today’s not-so-funny happening.

Why? OpenDNS has been tracking the Conficker worm and blocking the sites it keeps reaching out to for its nefarious further instructions. As OpenDNS’ David Ulevitch puts it:

The latest variant of Conficker is now churning through 50,000 domains per day in an attempt to thwart blocking attempts. Consider this: at any given time we have filters that hold well over 1,000,000 domains (when you combine our phishing and domain tagging filters). 50,000 domains a day isn’t going to rock the boat.

It’s free to use and set up; here’s a detailed guide for home networks.

Worried about Conficker on April 1? Setting up OpenDNS can protect your network [OpenDNS Blog]

Comments

  • Type1

    I'm glad, I already use OpenDNS and my net is faster. Also the parental filter is a nice and easy feature. Conficker, may you reside somewhere else!

    Type1

  • David Poole

    Me too, I was gonna warn my housemates about this, but just remembered I have OpenDNS set up on the router. Sick.

    David Poole

  • DarthVarner

    OpenDNS, as always, is a double edged sword. Yes it does several things that are quite convenient, but it also redirects ALL of your Google queries through their servers before letting them go on to Google; this and other privacy issues with the service make me have a fairly significant level of suspicion about it.

    There is a place for it. Just not on my boxes. Maybe I'm a little too tinfoil-hatlike, but make sure you know what you're giving up when you set your DNS server addresses to OpenDNS. For a more in-depth discussion on both sides of this, check some of the recent Slashdot threads about OpenDNS.

    DarthVarner

  • geekening

    I don't know why everyone was worried about this worm. I just figured it was some April Fool's joke.

    geekening

  • $_philly;

    @David Poole: Same here, but replace 'housemates' with 'sister, brother, mother, father, and dog'.

    I'm still worried that my friends are gonna bombard me with "MY PCS GOING TO THE SHITTER WHAT DO I DO???".

  • Gonzie

    is there anything OpenDNS can't do?

  • KhaiJB

    @geekening: nope. it wasn't.

    KhaiJB

  • WardSparrows

    @DarthVarner: Would you rather have your requests go through Verizon or Comcast?

    WardSparrows

  • KhaiJB

    @DarthVarner: erm. everything, not just google, goes through their servers when you use them....

    KhaiJB

  • Adam Hummel

    Open DNS is a great tool but will be hard to keep up with this thing.

    By the way someone might want to go fix hacked gizmodo.com

    Adam Hummel

  • Petr Supolik

    Gizmodo Got Hit By Somebody! See for yourself. Well, somebody around Conficker I guess

    Petr Supolik

  • Oranges w/ Cheese

    So what exactly did Conficker DO this morning that everyone was so worried about it doing?

  • KhaiJB

    @Adam Hummel: *cough*date*cough*

    KhaiJB

  • KhaiJB

    @Petr Supolik: *cough*date*cough*

    KhaiJB

  • ghackett

    @DarthVarner: Doesn't the DNS just give your comp the correct IP address for the domain you're looking for? Maybe I'm wrong but I don't think all your internet packets go through any DNS server. And as far as rerouting Google, doesn't that only happen when you type your search directly into the address bar as opposed to using the Google search bar (or Chrome for that matter)?

    ghackett

  • Saad Baig

    @Gonzie: Yes, give you the conficker Virus :P

  • Atsumi

    @Oranges w/ Cheese: Nothing yet.

    Not even sure if it WILL.

  • ddumond

    Correction: "keyboard shortcuts" --> "keyword shortcuts"

  • Doug81

    @Atsumi: It got people all worried and paranoid.

    Doug81

  • Phoshi

    oDNS is worth using anyway :)

  • jokono

    @ghackett: You're right. Not only that, but once you've queried the IP address for google.com once, your computer caches that result for the next time. It's not like you're hitting the DNS server for every single search you do.

    jokono

  • Software_Goddess

    @KhaiJB: I love April One celebrations.

    Software_Goddess

  • Phoshi

    @DarthVarner: If you don't like it, you have a hosts file :)

  • daddydave

    I tried it a while back but it killed address bar search and reminded me of when I switched ISPs and wasted half a day figuring out why every computer in the house was going to one of those spyware fake search pages, and it turned out to be the Earthlink virus.

  • Quicksilver4648

    @KhaiJB: *cough*they probably know*cough*

  • Phoshi

    @Gonzie: I attached a robotic arm (via USB) to my computer, and googling something will make the hand get it!

    Makes turning safesearch off have a whole new meaning.

  • kseve

    Can Lifehacker post an article on OpenDNS? I've never really quite understood it.

  • Swizzler121

    I don't really understand why this stupid worm is getting so much press... it's not special, many worms have formed botnets... is it because it hasn't started yet? Is it hard to remove? Is it made of candy? I don't get how it's any different than any of the other 200 viruses on your computer.

  • ShadowBottle

    Yay opendns and its fake google renderings to non-operative domains ::rolleyes::

    ShadowBottle

  • Dark123

    I have been using OpenDNS for a while and it's great. I would recommend it being used over any ISP DNS any day.

    Dark123

  • MkFly

    @Phoshi:
    Exactly. I use OpenDNS but have Google set up in hosts to use a "direct" IP, as opposed to an OpenDNS server that will reroute all of my Google traffic.

    MkFly

  • mye

    A few weeks ago TWC was getting hit by hackers, and their DNS servers were going down like clockwork. I switched to OpenDNS then and haven't bothered switching back.

    mye

  • TheMadMidget

    Why does Lifehacker insist on giving wrong advice about this virus by blindly reading others' reports and posting them on their own site? OpenDNS is so far behind in tracking this, it is a waste of time to use it in respect to this virus.

    TheMadMidget

  • YachiraG

    @DarthVarner: "Maybe I'm a little too tinfoil-hatlike..." Ya' think?

    YachiraG

  • mikekearn

    I use OpenDNS on my own computer, but we have a shared router that belongs to my friend's dad (his house) and he doesn't want me messing about with it. He's one of those people who doesn't understand technology beyond the basics of using it, and is always afraid of breaking something. It took us years to get him to switch to Firefox from IE 6.

  • HaldenAntilochus

    @KhaiJB: Only your DNS requests go through their server, nothing else. Google requests are redirected to their server only if you activate a specific (and optional) web filtering feature. Please stop spreading FUD.

    HaldenAntilochus

  • psychiccheese

    @mikekearn: I'd bet that you could change it without him even noticing. Does the admin account still have the default password? probably. just change the dns settings, and he'll never know.

  • misterfuzz

    @misterfuzz: Oops, never mind.

    misterfuzz

  • misterfuzz

    In German, that means grain-f#$%er

    misterfuzz

  • Conor

    I'd like to use OpenDNS (and in my previous testing it did speed up my browsing).
    However, I've been unable to get things like Windows Update to work once I point my router to OpenDNS.
    I've found references to this issue on the web, but have not found a workaround for it yet.
    It's weird, since it appears that for most people, this isn't an issue.
    Anybody got any suggestions? Is it likely to be a configuration issue on the part of my ISP here in New Zealand?

  • Oscar Feliciano

    @DarthVarner:
    Yes, you are being tinfoil-hat-ish (is that a word?). I'd rather have my DNS queries go through an always reliable and very fast DNS farm rather than through the crappy ones Optimum seems to be using. I gave up on OOL's servers years ago.
    If you're that concerned over who's snooping on your computer's DNS queries, then you might as well sit there and either set up your own DNS server or manually type in IP addresses for every site you wish to visit.

    Oscar Feliciano

  • dekay46

    1) Get wireless router.
    2) install dd-wrt
    3) set up for use with opendns
    4) stop worrying about things and have a better life

  • gStein

    @$_philly;: my answer: format
    alternate answer: FIX YOUR OWN DAMN COMPUTER! you broke it, YOU fix it!

    (NOTE: answer may change if large piles of cash are placed at my feet)

  • TheFu

    @dekay46: Don't forget to update your router firmware religiously, since it is another system that can be hacked. This isn't any different than the need to update the vendor firmware, but most people don't do that either.

    Most router settings that I've seen allow you to set the DNS providers manually, so there's no **requirement** to load dd-wrt or tomato or OpenWRT or whatever, if you don't want.

    OpenDNS isn't doing all this for free. They get all your DNS requests and correlate them for "some" purpose. I don't know how they make money, but they certainly aren't dumb. Perhaps they sell this data to google or yahoo or microsoft?

    TheFu

  • Nick

    I was really peeved with 60 Minutes' Leslie Stahl's sensationalized "report" on Conficker this past Sunday. She spoke with the head of Norton, and well, gee, I think he just loved to play along with Stahl and her quest to find out how dangerous the Internet is. Great for business.

    She also pisses me off, because she acts like a doddering old dolt when looking at the screens with such wonderment. When she points to the screen with a withered claw, she behaves like she has never used a PC.

    I remember she did a report on java maybe 7 or 8 years ago. Still haven't picked up the keyboard / screen thing, Leslie?

    It was not responsible journalism at all. Leslie and Mr.Norton went from one screen to the next to watch it move around. It seemed odd because she prefaced the piece saying the worms are all dormant, waiting for the next command.

    Lastly and worst of all, she did not even touch on ways for the average person to protect themselves. Nothing. No website to visit. No tips, no help.

    Unsettle everyone watching, especially the people who are new to the Internet and then end the piece on a horrible, ominous note.

    Nick

  • SargentHuang

    Hi, Good article. Sophos' Conficker removal tool can detect and remove all variants of the worm/virus. As long as people run these tools it should stop any serious outbreak. James

    SargentHuang

  • SigmundTheSeaMonster

    I liked OpenDNS and at work, easily blocked uses by using their DNS watch.
    However, I recall some Google searches that kept finding me vendors in the UK.

    If you know what you are doing, shouldn't be an issue.

    SigmundTheSeaMonster

  • ArmandZethus

    To understand these worms and such, you gotta take a step back, and do some research of your own :) Currently, we got about 3 major worms, running rampant. And in a way, it's kind of like a competition among criminals, to see who can obtain the biggest arsenal. The primary use of the majority of these worms is simply to be used as mass-mailing (spam) hosts. If you have a decent ISP, most will kick your IP address offline if they find you sending unsolicited spam e-mail en masse (say, 100 every 10 minutes? lol). But not all ISPs are this responsive. Particularly across the pond, in the areas of Turkey, Russia, etc...they simply don't care. There are very lax laws protecting citizens from internet crimes such as this, so they take over machines in this area, set them up on bullet-proof hosting, usually under some sort of fast-flux and/or round robin network infrastructure (keeps their IP addresses ever changing, and up to date in the domain name system). A worm is a worm, either way it's something you don't want on your computer. What I'd hope (as an OpenDNS user...) is that OpenDNS alerts its members who are seen querying a large amount of these blocked "conficker" domains.... As that could indicate one of two things: An experienced spam fighter at work (pinging, whoising, tracert'ing, etc..lol) or, an infected computer at that ISP address.

    ArmandZethus

  • paintbox

    Open DNS does nothing special...... except when it's far from your ISP's own DNS servers........ then Open DNS is special-- it's SLOW!

    paintbox
