Worried about Conficker on April 1? Setting up OpenDNS can protect your network.

Editorial note: OpenDNS now provides comprehensive malware and botnet protection for businesses and schools. Learn more.

By now you’ve likely heard the speculation that April 1, April Fools Day, is the date Conficker kicks into action. And unfortunately this isn’t a joke. The virus, also known as Downadup, leverages a known vulnerability in the Windows OS and has the potential to do some serious damage. Some estimates for number of machines infected so far are as high as 15 million. The Internet is abuzz with news about the virus and predictions about what it will do.

As your DNS provider of choice, we’re in a unique and advantageous position to help keep our users safe. OpenDNS has kept our users safe from Conficker for the past several months by blocking the domains it uses to phone home. (We’ve seen lots of you start using our service to protect your networks from the worm.)

The latest variant of Conficker is now churning through 50,000 domains per day in an attempt to thwart blocking attempts. Consider this: at any given time we have filters that hold well over 1,000,000 domains (when you combine our phishing and domain tagging filters). 50,000 domains a day isn’t going to rock the boat.

So here’s our update: OpenDNS will continue to identify the domains, all 50,000, and block them from resolving for all OpenDNS users. This means even if the virus has penetrated machines on your network, its rendered useless because it cannot connect back to the botnet. If you want to disinfect your computer we recommend you check out the tools from our friends over at Kaspersky Lab.

If you’re already using OpenDNS, you’re all set. We’re protecting you automatically. If you’re not yet, simply set up a free account here and secure your network.

Tagged with:

Pingback: An easy way to defeat the Conficker worm | Squirrel Hacker
http://www.sil.org Chuck

We are an opendns.com user. It would be nice if there was a test link to know that we are covered for Conficker requests. Also, is conficker automatically blocked for all opendns users, or is there a catagory I need to check?

Chuck
Pingback: 040 Hosting Blog » Conficker almost there, time to switch DNS?
Pingback: Worried about Conficker on April 1? Setting up OpenDNS can protect your network. « Useful Links
http://michaelsdg.blogspot.com/ Michael

Thank you for this update.
guillaume

Will it block the legitimates sites that collision with the 50’000 daily hostnames ?
Does it prevent my potentially infected network from receiving commands through Conficker’s P2P system ?

Regards,
Guillaume
Tim

It’s good to know that you guys have my network covered.
Keep up the great work.
Pingback: Paul Stefan Ort » Blog Archive » The Conficker Worm
Pingback: Brace yourself - Page 2 - Tech Support Forums - TechIMO.com
Pingback: Is Your Network Prepared? - The RadioReference.com Forums
Will

Glad to hear it! Then again, I already know that.
kuya

Simply pointing to dns servers would protect the user? Or does one need to register and block a particular category?
http://www.opendns.com/ Allison Rhodes

@kuya – Yes, that’s correct. As long as you’re pointing at our DNS servers (with or without an account) you are protected. If you want to turn OFF Conficker protection, we have a feature called Botnet Protection – on by default – that you can disable.

-Allison
OpenDNS
Pingback: OSS Rises to Conficker Challenge | OpenLogic Blogs
Pingback: Help Protect Microsoft Windows from Conficker
Mary

What if I don’t have a network? should I still use this?
http://www.opendns.com/ Allison Rhodes

@Mary – Do you mean you don’t have a router? If so, simply set up OpenDNS on your computer. Instructions here: https://www.opendns.com/start/computer/
Pingback: markwilson.it » Useful Links: March 2009
Pingback: links for 2009-03-31 | Seth Goldstein Online
Pingback: Conficker, Nmap and What I sent to the Office » Solo Technology
Pingback: Chuckz Blog II » Blog Archive » Worried about Conficker on April 1? Setting up OpenDNS can protect your network.
champ2u

So, any word or updates yet? Its got to be 4/1/09 on the east coast (US) by now. Any word from Europe?
http://oks.tumblr.com Darren VanBuren

This is why I set up our computers (I want to do it on the router but I need to collect all the boeing domains to exclude for my mom’s VPN connection.)

Thanks for providing this reliable, fast and free service that keeps our networks safe.
Pingback: 1 April | mimimi ?
http://www.pipitonegroup.com/ Harry Caskey

You guys rock! We’ve been using OpenDNS as our DNS service at our company for over a year now and we love it.

Keep up the good work! I can’t wait to see what the next innovative thing you release.

-Harry Caskey
Systems Administrator
Pingback: McColley.net » Blog Archive » OpenDNS Protects Against the Conficker Worm [OpenDNS]
Pingback: Stop Conficker Worm by using OpenDNS | PaulSpoerry.com
Pingback: OpenDNS te protege del virus Conficker | Punto Geek
Pingback: OpenDNS assicura la protezione contro il worm Conficker / Downadup | Trucchetti.com
http://www.zeighy.net Ivan Lapis

Awesome! Great job!

I’ve seen a spike in my stats today around 3am to 7am in unique domains… I might be infected but I can’t find it…

I don’t even use my computer at that time. But it seems there’s no problem in my computer.

it, being blocked in contacting it’s server it a big help.
Pingback: The Glitch » OpenDNS vs. Conficker
Pingback: Ask The Admin » Blog Archive » April 1st is coming beware of the Conficker worm and impending doom.
Pingback: How to protect your computer from the Conficker worm | The How To Do Things Blog
Pingback: Conficker | technologyright.com
Pingback: OpenDNS Protects Against The Conficker Worm | Lifehacker Australia
Pingback: OpenDNS protege hasta del virus Conficker
Pingback: The Far Edge » Blog Archive » OpenDNS Protects Against the Conficker Worm [OpenDNS]
http://blog.eric.asia Eric

OpenDNS rocks. I have been using OpenDns on my work and home network with great results.
Pingback: OpenDNS: Still Worried About Conficker? | Lostonreentry.com
Pingback: ¡OpenDNS te protege! « Flipwared
Adam

I’d be curious in knowing how exactly OpenDNS is “finding” and blocking (instantly?) these Conficker domains….

How does it determine the difference between a Conficker domain, and any other “regular” domain?

No, I’m not just an average joe I’m a spam fighter by trade armed with arsenal of tools such as Complainterator, and a full contacts list, armed to forward spam samples to spam@uce.gov, all related domain registrars, phishtank (if it’s a phish), and an Encyclopedia full of juicy details (spamtrackers.eu)

On another note, it’s good to hear that OpenDNS is blocking these requests, but would there be any change of letting your users know (perhaps via e-mail? or through the my account area?) if there network is hitting a large amount of these blocklisted domains?

Obviously, that could mean either 1) a machine on that network is infected, or 2) a spam fighter is busy at work, tracking down the domain themselves, for reporting to spamcop, knujon, the domain registrar (complainterator), etc
Pingback: OpenDNS Blog » Do you have Conficker? Find out in your OpenDNS account.
http://www.opendns.com/ Allison Rhodes

@Adam – we’ve teamed with Kaspersky Lab to predict the 50,000 domains the worm uses. OpenDNS then blocks them all.

And we just (this morning) rolled out a Conficker detection service that will notify you in your account if we’ve seen suspicious queries relating to Conficker coming from your network.

-Allison
Pingback: Conficker? Don’t worry, we’ve got openDNS! - gіаиg's blog
MICHAEL

thanks for the information about that.
http://aaqil.tk Valentine Aaqil Mahmood

thank you so much opendns.com for giving always free nice service, this Pakistani is so happy by you people
http://www.zeighy.net Ivan Lapis

“And we just (this morning) rolled out a Conficker detection service that will notify you in your account if we’ve seen suspicious queries relating to Conficker coming from your network.”

That’s very helpful so that we can know if any computer in our network is infected.

I saw it when I logged in today and said “OpenDNS has detected no suspicious queries related to the Conficker virus from your network.”

Cool
Pingback: Zeighy dotNet Blog » How to stop Conficker
Pingback: Tech » OpenDNS Protects Against the Conficker Worm
Pingback: Has Conficker woken up? and how can you help your network - sheenaustin.com
GM

What to use as a network IP address when asked to add network to collect stats on a home system. Comcast or FIOS?? Thanks
GM

Please assist …. what do I enter for network address when asked to add network to collect stats on a home system using Comcast or FIOS?? Thanks
Pingback: Blog Dolodi.com ^^ » Post Topic » OpenDns ajuda você a combater o Conficker
S G

You guys rock!
Pingback: Use OpenDNS to Browse Faster, Safer, Fix DNS Errors | Guilda Blog
Pingback: Use OpenDNS and experience faster Internet | Vishant Garg
martín

hi guys,

kaspersky isn’t my friend anymore, nor since in it’s last incarnation it asks to uninstall SPYBOT Search & Destroy arguing compatibility problems.

However, those problems doesn’t exists, but what does exists is Mr. Kaspersky and his company greed – kaspersky claims to ship a antispyware engine in it’s package.

i’m now using avast! an out-of-this-world antivirus/antispyware/antirootkit/antimalware in conjunction with spybot, spywareblaster and ghostsecurity suite, all of them FREE. check avast! review at cnet’s download.com

(sorry if this post is off-topic but since this day blog is about Conficker and computing security I find fair to share my vision about how to enhance)

best!
Pingback: Use OpenDNS to Browse Faster, Safer, Fix DNS Errors | Michael Seufert
Pingback: Know What To Do About Conficker Virus « Virus Watch
Pingback: Know What To Do About Conficker Virus « :: Open Your Mind ::
http://www.eccouncil.org smith

David Ulevitch,
Thanks a lot for sharing such a nice informative article, i had gone through the article really a very nice and detailed review.
The exploit conficker used was patched before the virus even came out anyone who got or is STILL getting infected at this point deserves it just for sheer stupidity.

By the for more information check this link: http://www.eccouncil.org/certification/ec-council_certified_security_specialist.aspx
ocameredesupraveghere

Hey guys, nice to be here! I love blog.opendns.com!