
Add a second layer of defense against Conficker

Conficker, also known as Downup, Downadup and Kido, is the latest threat scaring me and most IT admins all over the world. I have lost sleep because of this. 🙁

All the security sites give us information on how to stop this virus from infecting computers: applying up-to-date Microsoft patches, including MS08-067, updating antivirus to the latest version, using the latest Microsoft Malicious Software Removal Tool, disabling Autorun, etc. I have completely dedicated myself to finding more ways to stop this thing from attacking my network. Yes, I am really scared about this one, as nobody knows what impact it can cause. Maybe it's the best April Fools' prank ever, or maybe something deadly. I don't want to take any chances. So during my research, I found some additional info about OpenDNS.

OpenDNS is a free service that works for networks of all sizes, from home networks to K-12 schools, SMBs and large enterprises. The main reasons why you should think about switching to OpenDNS:

Security

* Industry-leading anti-phishing protects everyone on your network from fraudulent phishing scams.
* Award-winning Web content filtering gives you the power to block up to 50 categories of content.
* Detailed statistics empower you to understand your network traffic and spot trends before they become problems.

Infrastructure

* Their globally distributed network makes Web sites load noticeably faster on your network.
* Anycast routing technology makes your Internet more reliable, freeing you of intermittent outages.

Navigation

* Browser Shortcuts let your users map a short term to a long URL via the address bar.
* Typo correction auto-corrects the most common typos in top-level domains.
* OpenDNS Guide provides helpful search results when your users try to visit a Web site that isn’t resolving.

You just need to register an account on their site, and you will get two IP addresses which can be used as your DNS servers. You can then view the network status using the dashboard.

Now the reason why I am suggesting OpenDNS as a second layer of protection:

They have rolled out a way for you to see if Conficker is living on your network. Conficker contains an algorithm that checks 250 new domains per day for instructions on what it should do. OpenDNS teamed with Kaspersky Lab to identify those 250 daily domains, and stopped resolving them. But the number of domains increased to 50,000. OpenDNS will continue to identify the domains, all 50,000, and block them from resolving for all OpenDNS users. This means if you're using OpenDNS, the chance of Conficker will be very, very low.

To find out if Conficker has penetrated your network, simply log in to your account and select Stats on the left sidebar. From there choose Blocked Domains and filter “only domains blocked as malware.” This will generate a list of malware sites your network has attempted to connect with. As you can see in the snapshot below, my network is safe from Conficker for now. 🙂

[Image: OpenDNS blocked sites]
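The dashboard check above lists blocked domains for the network as a whole. As an added example (not part of the original post and not an OpenDNS tool), this Python script finds which internal machine made those lookups, assuming a local resolver query log in the format `<date> <time> <client-ip> <qname>` and a blocked-domain list copied from the dashboard; the log lines, domain names and threshold are constructed.

```python
from collections import defaultdict

# Constructed sample: domains the upstream resolver reported as blocked malware
# (placeholders on the reserved .example TLD, not real Conficker domains).
BLOCKED = {"aaqkxv.example", "bjwpeo.example", "cmzrty.example", "dqhlsn.example"}

# Constructed local resolver log, assumed format: "<date> <time> <client-ip> <qname>"
SAMPLE_LOG = """\
2009-03-30 09:00:01 192.168.1.20 www.example.org
2009-03-30 09:00:05 192.168.1.37 aaqkxv.example
2009-03-30 09:00:06 192.168.1.37 bjwpeo.example
2009-03-30 09:00:07 192.168.1.37 CMZRTY.example.
2009-03-30 09:02:10 192.168.1.20 dqhlsn.example
2009-03-30 09:03:00 192.168.1.37 aaqkxv.example
malformed line
2009-03-31 08:00:00 192.168.1.37 dqhlsn.example
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return qname.strip().rstrip(".").lower()

def blocked_lookups(log_text, blocked):
    """Return {(date, client): set of distinct blocked domains queried}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        date, _time, client, qname = parts
        name = normalize(qname)
        if name in blocked:
            hits[(date, client)].add(name)
    return dict(hits)

def suspects(log_text, blocked, min_distinct=3):
    """Clients that queried at least min_distinct different blocked domains in one day."""
    found = []
    for (date, client), names in sorted(blocked_lookups(log_text, blocked).items()):
        if len(names) >= min_distinct:
            found.append((date, client, len(names)))
    return found

if __name__ == "__main__":
    for date, client, count in suspects(SAMPLE_LOG, BLOCKED):
        print(f"{date} {client}: {count} distinct blocked domains")
```

A single blocked lookup can be a stray click; a machine that asks for several different blocked domains in one day is the one to pull off the network and scan first.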

I suggest everyone add this as a second layer of defense and stop Conficker.

About the author

Ambi