
News & Notes from the OpenDNS team

'Conficker' Posts

We don’t often take to the blog to talk about some of the more advanced OpenDNS Enterprise security features, like our malware and botnet protection, but we know a lot of organizations rely on them to keep their networks secure. Today, I’d like to talk a little more about how our malware and botnet protection works, and why we’ve started seeing so many organizations move to OpenDNS Enterprise primarily for that added layer of internet security.

As with all of the advanced functionality OpenDNS has built atop our superfast recursive DNS service for businesses and schools – like the Web content filtering, phishing protection, and stats available in OpenDNS Enterprise –  our malware and botnet protection innovates on traditional offerings, and it works on any device connected to the network (including, say, an iPad that an employee brought from home).

OpenDNS blocks malware and botnet attacks before they can infect a network. We aren’t terminating an existing malicious connection, or cleaning up a breach that’s already occurred; as soon as OpenDNS sees an attempted connection to a malicious domain or IP address, we block it. A side benefit is that if an infected device is brought onto a protected network, OpenDNS can keep the infection from spreading to other connected devices on the network when that spread depends on external command and control.

OpenDNS Dashboard Malware Notice

If you’re wondering why this matters: when Vanderbilt University switched to OpenDNS Enterprise in 2010, they blocked 1.5 million malware attacks in the first four months following the deployment. That’s 1.5 million potential data leaks thwarted, and 1.5 million device cleanups avoided.

It’s certainly something to think about, as the threat of malware and botnet attacks continues to escalate.  If you don’t have any malware or botnet protection for your organization, or you’re thinking about adding another layer of protection to your network, consider trying out OpenDNS Enterprise as your first line of defense.

No Comments | Filed in Conficker, Enterprise, General, Network, OpenDNS at Work

Here at OpenDNS we’ve spent the past several months working to keep you safe from the Conficker worm. Using the OpenDNS service is widely considered to be one of the easiest and most guaranteed ways to protect your network. And today we roll out a free Conficker detection tool to give you actionable insight into whether or not you have Conficker on your network.

As David mentioned here, we’re in a unique position as your DNS provider of choice to block the worm at the DNS level and prevent it from phoning home. We’re also in a unique position to tell you, based on DNS queries coming from your account, if your network has been infected with Conficker. Log into your OpenDNS account now and you’ll see a banner indicating you either have Conficker or you don’t. This is a tremendously valuable service, and representative of a key innovation on the DNS. If you have friends or colleagues not using OpenDNS yet, we urge you to recommend the service.

Even though we prevent the worm from phoning home, we advise everyone with Conficker to run the disinfection tool. Microsoft offers a great one here.

Also today we’re sharing data about the geographic distribution of the worm’s C variant to date. This information is based on OpenDNS data alone, so it is not necessarily representative of overall geographic Conficker distribution.

Conficker

We’ll continue blocking Conficker for all of our users, through our on-by-default Botnet Protection feature. And we’ll keep you posted with updates about the virus, if/when we have them, on this blog.

35 Comments | Filed in Announcements, Conficker, General, Security

Editorial note: OpenDNS now provides comprehensive malware and botnet protection for businesses and schools. Learn more.

By now you’ve likely heard the speculation that April 1, April Fools’ Day, is the date Conficker kicks into action. And unfortunately this isn’t a joke. The virus, also known as Downadup, leverages a known vulnerability in the Windows OS and has the potential to do some serious damage. Some estimates for the number of machines infected so far are as high as 15 million. The Internet is abuzz with news about the virus and predictions about what it will do.

As your DNS provider of choice, we’re in a unique and advantageous position to help keep our users safe. OpenDNS has kept our users safe from Conficker for the past several months by blocking the domains it uses to phone home. (We’ve seen lots of you start using our service to protect your networks from the worm.)

The latest variant of Conficker is now churning through 50,000 domains per day in an attempt to thwart blocking attempts. Consider this: at any given time we have filters that hold well over 1,000,000 domains (when you combine our phishing and domain tagging filters). 50,000 domains a day isn’t going to rock the boat.

So here’s our update: OpenDNS will continue to identify the domains, all 50,000, and block them from resolving for all OpenDNS users. This means even if the virus has penetrated machines on your network, it’s rendered useless because it cannot connect back to the botnet. If you want to disinfect your computer we recommend you check out the tools from our friends over at Kaspersky Lab.
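The per-day domain blocking described here, and the per-account infection banner described in the detection-tool post above, can be sketched from the resolver's point of view. This is an added example, not OpenDNS code: the log format, account ids, placeholder `.example` domains and the `min_distinct` threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed per-day blocklist: placeholder names, not real Conficker domains.
# The list is keyed by date because the worm's rendezvous domains rotate daily.
DAILY_BLOCKLIST = {
    "2009-04-01": {"aaaexample1.example", "bbbexample2.example", "cccexample3.example"},
    "2009-04-02": {"dddexample4.example", "eeeexample5.example"},
}

# Constructed resolver log lines: "<UTC timestamp> <account id> <queried name>".
SAMPLE_LOG = """\
2009-04-01T00:03:11Z acct-17 www.example.org.
2009-04-01T00:03:12Z acct-17 AAAexample1.example.
2009-04-01T00:03:15Z acct-17 bbbexample2.example
2009-04-01T09:20:00Z acct-22 cccexample3.example.
2009-04-02T01:00:00Z acct-30 aaaexample1.example.
not-a-log-line
"""

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()

def resolve_policy(day, qname):
    """Return 'BLOCK' if qname is on that day's list, otherwise 'ALLOW'."""
    return "BLOCK" if normalize(qname) in DAILY_BLOCKLIST.get(day, set()) else "ALLOW"

def infected_accounts(log_text, min_distinct=2):
    """Map account -> days on which it queried >= min_distinct blocked names.

    Counting distinct names (an assumed heuristic) avoids flagging an account
    for a single stray lookup of one listed domain.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, account, qname = parts
        try:
            day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date().isoformat()
        except ValueError:
            continue  # skip unparsable timestamps
        if resolve_policy(day, qname) == "BLOCK":
            hits[(account, day)].add(normalize(qname))
    flagged = defaultdict(list)
    for (account, day), names in hits.items():
        if len(names) >= min_distinct:
            flagged[account].append(day)
    return {account: sorted(days) for account, days in flagged.items()}
```

In the sample, `acct-30` asks for a name from the previous day's list and is allowed, which is why the blocklist has to be regenerated for every day rather than accumulated once.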

If you’re already using OpenDNS, you’re all set. We’re protecting you automatically. If you’re not yet, simply set up a free account here and secure your network.

62 Comments | Filed in Conficker, General, Security
