04-12-2009, 06:36 AM   #1
Quentin
Conficker worm

At the end of last month we advised all our students to install OpenDNS on their systems to protect against the Conficker worm.

It seems now TV and news wires are picking up news on this worm and creating a real scare campaign, using the top antivirus software manufacturers to perpetrate the fear.

The thing is that it is like asking an Internet marketer which is the best product, which of course would be theirs.

By implementing something simple like OpenDNS on your business and home computers, it will not stop the threat but severely restrict its effectiveness.

There are actually thousands of these around, so don't just depend on antivirus software but install OpenDNS, which will restrict its movements.

Using the OpenDNS service is widely considered to be one of the easiest and most guaranteed ways to protect your network.

I have been using this service for years now and it has saved my butt so many times. It also has the added functions of blocking porn and so much more and is fully controlled by you.

Implementing internet security for blocking the net! | The Internet Marketers Club

No money as it is a free service and very easy to install.

OpenDNS | Providing A Safer And Faster Internet

Quentin

04-12-2009, 07:27 AM   #2
xiaophil
Re: Conficker worm

I thought the Conficker infection vectors were primarily NetBIOS exploits via raw IP addresses.

How would changing your DNS server protect against this?


Phil
04-12-2009, 09:15 AM   #3
Quentin
Re: Conficker worm

Because it can't call home. DNS blocks it.

Q

04-12-2009, 09:19 AM   #4
Paul1234
Re: Conficker worm

I've used OpenDNS for maybe 3 years now. I got it because my own ISP's DNS server lookups were extremely slow.

To protect against Conficker.c downloading whatever it wants whenever it wants, OpenDNS is working with Kaspersky and uses Kaspersky's algorithm to automatically block the 50,000 or so identified domains that the worm generates per day, 500 of which it would try to access per day.

Using OpenDNS, though, won't protect against getting Conficker in the first place.
04-12-2009, 10:15 AM   #5
xiaophil
Re: Conficker worm

Quote:
Originally Posted by xiaophil
I thought the Conficker infection vectors were primarily NetBIOS exploits via raw IP addresses.

How would changing your DNS server protect against this?

Quote:
Originally Posted by Quentin
Because it can't call home. DNS blocks it.

OK, I think I understand now.

So this can't prevent the infection propagating but attempts to stop the worm downloading a payload, right?

The latest Conficker variants already communicate via custom peer-to-peer protocols, which I believe eliminates their need for DNS.

Also, Conficker is known to manipulate DNS lookups. How long before a new variant points your machine to a completely different DNS server (and maybe a hostile one)?

What about the nasty side effects of already being infected, like having your auto-updates disabled or killing your anti-spyware?

Quote:
Originally Posted by Quentin
...install OpenDNS, which will restrict its movements.

No! We already established the infection propagates via NetBIOS exploits which do not require DNS.

Quote:
Originally Posted by Quentin
...it will not stop the threat but severely restrict its effectiveness.

Or perhaps more rapidly encourage its adaptation.


I think all we can safely say about this form of DNS "protection" is that it will not prevent your computer from becoming infected, and if you are (or become) infected, it may or may not prevent the worm activating a payload.

Phil
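
The two DNS-side points raised in the posts above (lookups of worm-generated domains being blocked, and a machine being pointed at a different DNS server) can both be checked from DNS query logs. This is an added example, not part of any poster's message; the log format, client addresses, domain names and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumptions for this sketch, not taken from the thread: OpenDNS's public
# resolver addresses as the only sanctioned resolvers, and a per-host daily
# threshold set far below the 500 lookups per day quoted above.
SANCTIONED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
BLOCKED_NAME_THRESHOLD = 20

def triage(lines):
    """Return (hosts with a burst of distinct blocked names, hosts bypassing the filter).

    Each line (constructed format): day client_ip resolver_ip qname verdict
    verdict is BLOCKED, ALLOWED, or "-" when the query never reached the filter.
    """
    blocked = defaultdict(set)  # (day, client) -> distinct blocked names
    bypass = defaultdict(set)   # client -> unsanctioned resolvers it queried
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        day, client, resolver, qname, verdict = fields
        if resolver not in SANCTIONED_RESOLVERS:
            bypass[client].add(resolver)  # filtering never sees this lookup
        elif verdict == "BLOCKED":
            blocked[(day, client)].add(qname.lower().rstrip("."))
    burst = sorted({client for (_, client), names in blocked.items()
                    if len(names) >= BLOCKED_NAME_THRESHOLD})
    return burst, {client: sorted(r) for client, r in bypass.items()}

def sample_log():
    """Constructed log lines; all names and addresses are illustrative."""
    day, odns = "2009-04-12", "208.67.222.222"
    lines = [f"{day} 10.0.0.5 {odns} www.example.com ALLOWED"]
    # 10.0.0.7 asks for 25 different blocked names in one day
    lines += [f"{day} 10.0.0.7 {odns} q{i:03d}.example BLOCKED" for i in range(25)]
    # 10.0.0.5 hits the same blocked name 30 times (one distinct name)
    lines += [f"{day} 10.0.0.5 {odns} ads.example BLOCKED"] * 30
    # 10.0.0.9 sends its lookup to a resolver outside the sanctioned set
    lines += [f"{day} 10.0.0.9 192.0.2.53 www.example.org -"]
    return lines

if __name__ == "__main__":
    burst, bypass = triage(sample_log())
    print("blocked-name burst:", burst)
    print("resolver bypass:", bypass)
```

A host in the first list is worth inspecting for infection even though its lookups were blocked; a host in the second list is getting no DNS filtering at all.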
04-12-2009, 10:24 AM   #6
Quentin
Re: Conficker worm

That's right, Phil, it prevents the payload.

These have actually been around a long time and they can override antivirus software pretty easily; however, they still have to get the payload to work, and this is where OpenDNS comes in.

While it is not the perfect solution, it has saved us a lot in our business because it restricts our staff, kids, wife, etc. getting to these sites in the first place.

This particular virus is not hard to detect; however, just using a simple system like this makes it a lot harder to activate.

Plus there are a lot of other benefits of using this form of prevention for other things as well.

Quentin

All times are GMT -6.