Conficker - The Facts

nosh:
From the Windows Secrets article linked above by PhilB66

Admins of small and large LANs can use OpenDNS as a Domain Name System server.
The firm introduced on Feb. 9 a new, Conficker-specific feature. If an infected PC on a LAN somehow evaded detection, OpenDNS will prevent it from contacting Conficker's control servers. Best of all, admins can read a report showing which PC tried to connect to a Conficker server.
--- End quote ---

It's nice to have a proactive DNS provider! :)

Edit: Direct link to the standalone ESET Conficker Removal tool. Just 119 KB and it tells you immediately if Conficker is found in memory.

Ehtyar:
How does Conficker block those URLs? Simply hooking the winsock DNS resolving functions, or setting the machine's DNS server?
-f0dder (March 31, 2009, 01:28 AM)
--- End quote ---
Conficker patches DnsQuery() in memory.

From the Windows Secrets article linked above by PhilB66

Admins of small and large LANs can use OpenDNS as a Domain Name System server.
The firm introduced on Feb. 9 a new, Conficker-specific feature. If an infected PC on a LAN somehow evaded detection, OpenDNS will prevent it from contacting Conficker's control servers. Best of all, admins can read a report showing which PC tried to connect to a Conficker server.
--- End quote ---

It's nice to have a proactive DNS provider! :)
-nosh (March 31, 2009, 02:13 AM)
--- End quote ---
It will be interesting to see if that applies to the millions of domains potentially generated by Variant C. It also won't affect the P2P update mechanism...

Ehtyar.
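
Added example, not part of the thread or of anyone's post: a Python check for the distinction f0dder asks about and Ehtyar answers. It resolves each name twice, once through the OS resolver API and once with a hand-built UDP query sent straight to the DNS server, and flags names that fail only on the API path. That Python's getaddrinfo() reaches the patched function on a given Windows build, and the sample names and server address, are assumptions.

```python
import os
import socket
import struct

def build_query(name, txid):
    """Minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def has_answer(reply, txid):
    """True for a response with our ID, RCODE 0 and at least one answer record."""
    if len(reply) < 12:
        return False
    rid, flags, _qdcount, ancount = struct.unpack(">HHHH", reply[:8])
    return rid == txid and bool(flags & 0x8000) and (flags & 0x000F) == 0 and ancount > 0

def raw_lookup(name, server, timeout=3.0):
    """Query the DNS server directly over UDP, bypassing the OS resolver API."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            return has_answer(sock.recvfrom(512)[0], txid)
        except OSError:  # timeout or network error
            return False

def api_lookup(name):
    """Resolve through the OS resolver API, the path the thread says is patched."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False

def classify(names, server, api=api_lookup, raw=raw_lookup):
    """Label the host by comparing both lookup paths for each name."""
    results = {n: (api(n), raw(n, server)) for n in names}
    local = sorted(n for n, (a, r) in results.items() if r and not a)
    upstream = sorted(n for n, (a, r) in results.items() if not a and not r)
    verdict = "local-api-block" if local else "upstream-or-network" if upstream else "ok"
    return verdict, local, upstream

if __name__ == "__main__":
    # Sample names and resolver address are assumptions; 208.67.222.222 is an OpenDNS resolver.
    print(classify(["kaspersky.com", "symantec.com", "example.com"], "208.67.222.222"))
```

A "local-api-block" verdict only says the two paths disagree on this machine; a hosts-file entry or local resolver policy can produce the same result, so treat it as a reason to run a removal tool, not as proof of infection.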

gally:
Here's a partial list assuming all are .com and not .net


J-Mac:
Wow! What a job, gally!

Thank you very much for that!

Jim

wreckedcarzz:
Can someone here assure me that the computers I have are safe (at least to an extent)? I've reformatted 2 computers within the last 3 months, I really don't want to do it again...

Basics:
All computers running Spyware Terminator w/ ClamAV
All computers running Windows Firewall
All patches from Microsoft/Windows Update applied
All computers behind firewalled router w/ OpenDNS nameservers
My primary computer has DMZ enabled, but Windows Firewall enabled as well

Passwords:
My two computers have a dictionary word (although long) password
Dad's computer has a non-dictionary combination word
Home file server requires no password to access via the LAN (can't remember if it has a logon password or not, it does an automatic logon at boot)

What are the chances of any of my computers being infected? What else should I do to lock down my home network so I don't catch hell if we end up getting this crap?

EDIT: The file server computer had no password assigned to my account (Administrator rights), fixed that...
