Today we made two announcements, each very significant to all OpenDNS users. Here’s an overview to get everyone up to speed on what OpenDNS has cooked up.
The first announcement is about the comeback - and improvement - of the much-loved and anticipated Stats System. Stats are invaluable to network administrators: they give you insight into what’s happening on your network coupled with the tools to do something about it. The old system, which was overloaded and barely processing our nearly 9 billions DNS queries per day, was down for awhile as we made improvements. Sometimes you have to take a step back in order to take three steps forward. Thanks to everyone for your patience as we got it back up and running. I hope you’ll find it was worth the wait.
New functionality in the Stats System includes the comeback of the Top Domains report. This feature gives you a list of the top Web sites visited from your network and affords you unique insight into where your resources are being consumed, and which inappropriate or unsafe websites people are seeing. Top Domains now integrates directly with our Web content filtering system. This means you can look at Top Domains, see something you want blocked and block either the site or the category it fits into with a single click. (Example: Facebook.com is one of your Top Domains. Without leaving that screen you can block with Facebook.com or “Social Networks.”) Check out this screencast, narrated by the engineer who built it, Richard Crowley, to see the new system in action.
The second announcement is significant to all OpenDNS users as well as the entire Internet community. Today we’ve rolled out a way for you to see if Conficker is living on your network. The Conficker worm, also called Downadup and Kido, is massive. Some estimates of how many PCs are compromised are as high as 10 million. What’s interesting about this particular virus is that it uses the Domain Name System in a unique way: Conficker contains an algorithm that checks 250 new domains per day for instructions on what it should do. This puts us in a unique position to keep you safe since we’re in the unique position of providing insight and intelligence into your DNS service. We’ve teamed with Kaspersky Lab to identify those 250 daily domains, and stop resolving them. This means if you’re using OpenDNS, Conficker will do your network no damage. Yet another reason for your friends and colleagues to make the switch. While OpenDNS represents just a tiny drop in the sea of the Internet users today, we think this is a smart move forward.
To find out if Conficker has penetrated your network, simply log in to your account and select Stats on the left sidebar. From there choose Blocked Domains and filter “only domains blocked as malware.” This will generate a list of malware sites your network has attempted to connect with.
This is just the beginning, folks. We’ve got a year’s worth of new features we’re cranking hard on to make your network better performing and more secure. Stay tuned…
Sakal77
Great job, thank you :o)))
posted on February 10th, 2009 at 2:03 am
Eddie Philips
Once infected, automatic updates on Windows and from most antivirus sites no longer work no matter what DNS you use. Its blocked at the computer. Conficker / Downadup weakens the computer’s immune system even if it can’t call home. We are big fans of OpenDNS (in fact, using it is part of our downadup removal steps). Unfortunately, our own site has received email indicating that some people believe using OpenDNS protects them from the virus. It does not. While this move by OpenDNS is a fantastic one, and adds to the many reasons people should switch, the current message is confusing.
posted on February 10th, 2009 at 7:07 am
calvin
After reading your blog post, I checked to see if we had any confickers running. Fortuantely, no.
Then I wondered….if the stats for conficker would show up under “malware”, was there a “malware” category within the OpenDNS settings.
I didn’t see one. Perhaps there should be a category for “malware” that is selected by default. That could be used not just for conficker, but for future malware of a similar nature, or malware sites in general.
I really like OpenDNS and it definitely provides value to us, but having Conficker blocked without a category (meaning no administrator control), concerns me just a little. I’m all for blocking malware, but would prefer that I was the one that chose to block that category or had the option of not choosing it.
Thanks for a great service.
Calvin
posted on February 10th, 2009 at 8:47 am
OpenDNS Helping to Shut Down Conficker | geekEleet
[…] READ […]
posted on February 10th, 2009 at 11:02 am
Web content filtering without installing any software | IT a digital life
[…] (Feb. 10): Looks like OpenDNS official blog has more information about their new […]
posted on February 10th, 2009 at 1:23 pm
Ted Tyree
Phenomenal! You guys rock!
posted on February 13th, 2009 at 1:06 pm
RSS Week #42: articoli interessanti che ho trascurato - Matteo Moro
[…] OpenDNS Blog: we’re blocking Conficker […]
posted on February 14th, 2009 at 1:03 am
NEAL
On 2/11 at about 8 a.m., my tracking went down. OpenDNS is doing all the blocking and other assorted tasks it should do, except for tracking/stats.
posted on February 14th, 2009 at 3:21 pm
OpenDNS blocca conficker | Napolux.com
[…] dopo aver annunciato la partnership con Netgear ora blocca anche Conficker, il “famoso” virus sul cui autore Microsoft ha messo una taglia da 250.000 dollari. Questo […]
posted on February 16th, 2009 at 11:25 pm
tekopp123
Can you please find a way to block sites with escort girls? Such as escortecall.com and others i have submittet? They wount get blocked on my network.
posted on February 19th, 2009 at 1:08 pm
xtcy
i love opendns =)
posted on February 22nd, 2009 at 7:47 am
OpenDNS at CPB
10 million affected? That’s a large infection and conficker developer might be developing or upgrading a new algorithm. I hope OpenDNS could blend with changes of OpenDNS algorithm.
posted on February 27th, 2009 at 7:36 am
OpenDNS to Begin Blocking and Tracking Conficker Traffic
[…] 2: 2/9/09 - David Ulevitch posted an entry on the OpenDNS blog explaining well the new feature: Today we’ve rolled out a way for you to see if Conficker is […]
posted on March 1st, 2009 at 9:47 pm
Abbas Khan
Well done David.
You’re doing an awesome job!
posted on March 2nd, 2009 at 2:18 pm
Zero Day mobile edition
[…] perhaps the most pragmatic mitigation solution implemented on a large scale so far, has been OpenDNS updated Stats System which automatically stops resolving Conficker’s latest domains, a feature which they introduced last month. For the time being, the Conficker botnet remains in a […]
posted on March 3rd, 2009 at 12:41 pm
Conficker Worm to attack sites this March | Mundane Scribblings
[…] perhaps the most pragmatic mitigation solution implemented on a large scale so far, has been OpenDNS updated Stats System which automatically stops resolving Conficker’s latest domains, a feature which they introduced last […]
posted on March 4th, 2009 at 6:58 am
Hannes
Dear David,
You have no idea how much I love your service
I’m using it here in Brazil and already told many companies about it.
I have been having some funny problems. For example, this domains and hundred others
a.ahdjejgf.com
cdcqjhcrb.com
chacent.cn
cxaudx.info
dsfiwzyjs.ws
edwuuz.biz
fcgfhrd.ws
grvysuzemfr.ws
hmqcnieolp.info
lhewpdixzd.com
lyksjd.net
offsw.cn
oorvgrrvqel.org
otkqvutz.cn
qfsyvhqjwws.info
sgqohjvsem.cn
ulabtoqc.ws
uugtyimg.cn
uykgnk.com
wtotpusuhi.cn
are not beeing blocked, are those some other kind of malware appearing in the area ?
sincerely,
Hannes
posted on March 6th, 2009 at 3:35 am
F S
Great improvements! Keep it up.
posted on March 7th, 2009 at 8:25 am
Hector
Hola,
configure en mi servidor los dns de opendns.
pero cuando mapeo los ip conectados, 2 usuarios no estan
que ocurre pusieron un dns diferente y salen a internet burlando los bloqueos de direcciones o restricciones.
aver si alguien puede ayudarme ..
gracias
posted on March 11th, 2009 at 2:31 pm
lalit
how can block websites in server 2003
posted on March 13th, 2009 at 2:33 am
Vryhof Research Blog » Blog Archive » Work on Jeep, Conflicker/OpenDNS
[…] using OpenDNS, follow these instructions. To learn about how they are blocking conflicker, read this blog entry. If you have a prent, grandparent, less savvy family member you know of, setup OpenDNS for them […]
posted on March 25th, 2009 at 5:02 pm
John H.
CNN indicates http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/ that conficker.c generates 50,000 URLs a day instead of the 250 URLs a day for the previous version. Presume you are using the algorithm to block each of the 50,000 daily URLs. Yes?
posted on March 26th, 2009 at 12:53 pm
Conficker virus is going to activited on April 1, 2009 « Chris allen blog
[…] from getting this virus and stoping it from spreeding. You can use the opendns services to block conflicker from contacting the mothership. You can setup opendns on you computer by just folowing simple […]
posted on March 30th, 2009 at 5:02 am
OpenDNS Blog » Worried about Conficker on April 1? Setting up OpenDNS can protect your network.
[…] DNS provider of choice, we’re in a unique and advantageous position to help keep our users safe. OpenDNS has kept our users safe from Conficker for the past several months by blocking the domains it uses to phone home. (We’ve […]
posted on March 30th, 2009 at 12:41 pm
John Dixon
I created an OpenDNS account yesterday and cut my DNS server over late yesterday. We use Salesforce.com. This morning my users where not able to browse to any page of the Salesforce.com domain. I returned the DNS forwarders to my ISP and we are now able to access salesforce. I would like to use your service as I have only a small business budget and I feel your service provides added security but my users must be able to access Salesforce. I did add saleforce.com to the white list after re-pointing the forwarders but I will only be able to verify this tonight after hours when everyone is gone and I can point my DNS server back to your service.
Do you have any ideas why this problem? I had the content filtering set to minimal so as not to see problems like this and I planned on gradually increasing the level.
The path to salesforce.com’s login is [ https://login.salesforce.com/ ] . Is there an issue with a https secure socket layer with OpenDNS?
Thanks!
posted on March 31st, 2009 at 6:00 am
Conficker Virus - Quick Update « Steve Moncaster
[…] your IT Support company, we’re in a unique and advantageous position to help keep our users safe. Fivenines and OpenDNS has kept our users safe from Conficker for the past several months by blocking the domains it uses to phone home. (We’ve […]
posted on April 2nd, 2009 at 8:37 am
Allison Rhodes
@john - sorry for the late response. It’s possible - if you use UltraDNS - that this was related to their outage, and not an OpenDNS issue at all. It’s still unconfirmed, but there’s buzz that an outage took down Salesforce temporarily.
posted on April 3rd, 2009 at 2:56 pm
Conficker: The Neverending Story | Patrick Mylund
[…] You can check if your machine is infected by Conficker using the Conficker Eye Chart or check a network range with an nmap command like nmap -PN -T4 -p139,445 -n -v –script smb-check-vulns,smb-os-discovery –script-args safe=1 192.168.0.0 (version 4.85beta7 or higher needed). If you’re infected, use a tool like Kaspersky’s KidoKiller or Microsoft’s own Malicious Software Removal Tool and switch to OpenDNS (here’s why. […]
posted on April 12th, 2009 at 6:12 am
Zero Day mobile edition
[…] of purchasing counter-measure software, a cost which from my perspective has to be excluded due to the fact that working counter-measures are virtually free due to the impact of the worm. Therefore no additional […]
posted on April 23rd, 2009 at 10:41 am
Conficker’s $9.1 billion estimated economic cost | Poc Network - Blog
[…] of purchasing counter-measure software, a cost which from my perspective has to be excluded due to the fact that working counter-measures are virtually free due to the impact of the […]
posted on April 26th, 2009 at 8:11 am
¿Costo estimado de Conficker? u$s 9.100 millones | Shadow Security
[…] de programas de contra-medidas, un costo que desde mi perspectiva debiera ser excluido debido al hecho que las contra-medidas que funcionan son virtualmente gratuitas debido al impacto de este […]
posted on April 26th, 2009 at 6:56 pm
akshay dogra
i am very keen to use open dns services.but my concern is that i want to block sites from 17:00 to 8:00.. and i want to allow only certain sites after that.
example:i want to block certain sites(example: youtube) in office hrs and after office hrs and on weekends youtube should be accessible.
the usual content filtering should happen round the clock.
is it possible to do that if a use open dns?
please reply soon
posted on June 26th, 2009 at 12:34 am