At the end of last month we advised all our students to install OpenDNS on their systems to protect against the Conficker worm.

It seems now TV and news wires are picking up news on this worm and creating a real scare campaign using the top antivirus software manufacturers to perpetrate the fear.

The thing is that it is like asking an Internet Marketer which is the best product, which of course would be theirs.

By implementing something simple like OpenDNS on your business and home computers, it will not stop the threat but severely restrict its effectiveness.

There are actually thousands of these around, so don't just depend on antivirus software but install OpenDNS, which will restrict its movements.

Using the OpenDNS service is widely considered to be one of the easiest and most guaranteed ways to protect your network.

I have been using this service for years now and it has saved my butt so many times. It also has the added functions of blocking porn and so much more and is fully controlled by you.

Implementing internet security for blocking the net! | The Internet Marketers Club

No money as it is a free service and very easy to install.

OpenDNS | Providing A Safer And Faster Internet

Quentin
  • xiaophil
    I thought the Conficker infection vectors were primarily NetBIOS exploits via raw IP addresses.

    How would changing your DNS server protect against this?


    Phil
  • Quentin
    Because it can't call home. DNS blocks it.

    Q
    • xiaophil
      Originally Posted by xiaophil

      I thought the Conficker infection vectors were primarily NetBIOS exploits via raw IP addresses.

      How would changing your DNS server protect against this?
      Originally Posted by Quentin

      Because it can't call home. DNS blocks it.
      OK I think I understand now.

      So this can't prevent the infection propagating but attempts to stop the worm downloading a payload, right?

      The latest Conficker variants already communicate via custom peer-to-peer protocols, which I believe eliminates their need for DNS.

      Also, Conficker is known to manipulate DNS lookups. How long before a new variant points your machine to a completely different DNS server (and maybe a hostile one)?

      What about the nasty side effects of already being infected, like having your auto-updates disabled or killing your anti-spyware?

      Originally Posted by Quentin

      ...install Open DNS which will restrict its movements.
      No! We already established the infection propagates via NetBIOS exploits which do not require DNS.

      Originally Posted by Quentin

      ...it will not stop the threat but severely restrict its effectiveness.
      Or perhaps more rapidly encourage its adaptation.


      I think all we can safely say about this form of DNS "protection" is that it will not prevent your computer from becoming infected and if you are (or become) infected it may or may not prevent the worm activating a payload.

      Phil
  • Paul1234
    I've used OpenDNS for maybe 3 years now. I got it because my own ISP's DNS server lookups were extremely slow.

    To protect against Conficker.c downloading whatever it wants whenever it wants, OpenDNS is working with Kaspersky and uses Kaspersky's algorithm to automatically block the 50,000 or so identified domains that the worm generates per day, 500 of which it would try to access per day.

    Using OpenDNS, though, won't protect against getting Conficker in the first place.

    Paul Turner

  • Quentin
    That's right, Phil, it prevents the payload.

    These have actually been around a long time and they can override antivirus software pretty easily; however, they still have to get the payload to work, and this is where OpenDNS comes in.

    While it is not the perfect solution, it has saved us a lot in our business because it restricts our staff, kids, wife, etc. getting to these sites in the first place.

    This particular virus is not hard to detect however just using a simple system like this makes it a lot harder to activate.

    Plus there are a lot of other benefits of using this form of prevention for other things as well.

    Quentin
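
The thread agrees that DNS filtering blocks the worm's generated rendezvous domains without preventing infection; those blocked lookups are also a way to find the machines that are already infected. The sketch below is an added example, not code from any poster or from OpenDNS: the log format (timestamp, client IP, queried name), the blocklist entries, the log lines and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed stand-in for one day's list of worm-generated domains.
BLOCKED = {"qzkvtrp.example", "hbwmxua.example",
           "ldjfyeo.example", "xnrcgtb.example"}

# Constructed resolver log: timestamp, client IP, queried name.
SAMPLE_LOG = """\
2009-04-01T09:00:01 10.0.0.5 www.example.org.
2009-04-01T09:00:02 10.0.0.7 QZKVTRP.example.
2009-04-01T09:00:03 10.0.0.7 hbwmxua.example
2009-04-01T09:00:04 10.0.0.5 qzkvtrp.example
2009-04-01T09:00:05 10.0.0.7 ldjfyeo.example.
2009-04-01T09:00:06 10.0.0.7 qzkvtrp.example
this line is truncated
2009-04-01T09:00:08 10.0.0.9 mail.example.org
"""


def parse_line(line):
    """Return (client, normalized name), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    _timestamp, client, qname = parts
    # DNS names are case-insensitive and may carry a trailing root dot.
    return client, qname.rstrip(".").lower()


def suspected_hosts(log_text, blocked=BLOCKED, min_distinct=3):
    """Map each client to the blocked names it queried, keeping only
    clients that tried at least min_distinct different blocked names.
    A single hit can be a stray click; a sweep across many generated
    names is the pattern an infected host produces."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record and record[1] in blocked:
            hits[record[0]].add(record[1])
    return {client: sorted(names) for client, names in hits.items()
            if len(names) >= min_distinct}


if __name__ == "__main__":
    for client, names in suspected_hosts(SAMPLE_LOG).items():
        print(client, "queried", len(names), "blocked names:", names)
```

A host flagged this way still needs cleaning and patching; the filter only kept it from reaching the blocked names.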