11 Replies Latest reply: May 12, 2012 12:59 PM by WZZZ
jane666 Level 1 (0 points)

Hi all,

I am, from today, unable to access my home page - I get taken to:-

http://malware.opendns.com/main?url=www.cafc.co.uk%2Fpage%2FHome%2F0%2C%2C10267%2C00.html&nref=&w=1707&h=867&ifc=0

with the message:-

This host was blocked by OpenDNS in response to the Conficker virus, the Microsoft IE zero-day vulnerability, an equally serious vulnerability, or some other threat.

I don't understand what this means, and of course I need to get into my home page. Is there anything I can do?

Thanks.


iMac, Mac OS X (10.6.7)
  • 1. Re: Conflicker virus??
    WZZZ Level 6 (12,220 points)

    OpenDNS is blocking this known Windows only threat at that site, which must have been hacked. If you aren't running Windows on a partition, then you have nothing to worry about by going there. I don't know how OpenDNS blocking works -- I use but do not subscribe to OpenDNS -- but does it allow you to go anyway, despite the warning?

    Can you log in to your OpenDNS account and change the settings so this is not blocked, at least temporarily until the site is cleaned?

  • 2. Re: Conflicker virus??
    jane666 Level 1 (0 points)

    Thanks. The weird thing is I don't have an OpenDNS account so I can't understand how it's spotted this problem - unless it is running silently in the background on my Mac. I have certainly never signed up to it.

  • 3. Re: Conflicker virus??
    WZZZ Level 6 (12,220 points)

    I tried going just to http://www.cafc.co.uk, not using your complete link and I'm seeing that the entire domain is blocked for me as well by OpenDNS. I guess an account is not needed. I would wait a bit and see if it gets cleaned up.

    As for not understanding why you have OpenDNS at all, go to System Preferences>Network>Advanced>DNS and report back with the numbers you have there. The ones for OpenDNS are

    208.67.222.222

    208.67.222.220

  • 4. Re: Conflicker virus??
    jane666 Level 1 (0 points)

    I have those numbers as well.

    I have tried to get a message to someone I know is connected to cafc.co.uk through Twitter, but as he more than likely uses a Windows-based PC to update the website he may not understand that Mac users are being blocked.

    Thanks for your assistance; for a moment I thought that I had inadvertently downloaded malware/virus, but I now see that OpenDNS is protecting me.

    Thanks.

  • 5. Re: Conflicker virus??
    WZZZ Level 6 (12,220 points)

    Well, if he's aware and a sys admin, or can contact one, they should be able to disinfect the site. BTW, the conficker is old news from 2009. I didn't know it was still around. But, then again, I don't follow Windows viruses.

    I've checked with a few malware reporting sites, including Google Safe Browsing, and that site comes up negative. Maybe a false positive from OpenDNS? Or something brand new.

    Message was edited by: WZZZ

    If you think this shouldn't be blocked, please email us at malware-block@opendns.com.

    Ask them to investigate.

  • 6. Re: Conflicker virus??
    jane666 Level 1 (0 points)

    Thanks for your help WZZZ. I hope the site gets disinfected (if indeed it is infected).

    If there is no problem and OpenDNS are reporting a false positive, any idea how I can get past the warning page?

  • 7. Re: Conflicker virus??
    WZZZ Level 6 (12,220 points)

    Well, you could go into that location in Network and enter these numbers above the ones for OpenDNS. They are Google public DNS servers. They will be used first, before the ones for OpenDNS. Go back in and remove them using the minus button when this has passed over, or move them below the OpenDNS ones as a backup if the OpenDNS Servers are ever down.

    8.8.8.8

    8.8.4.4

    Even if there is a problem, the conficker worm can't do anything to a Mac.

  • 8. Re: Conflicker virus??
    WZZZ Level 6 (12,220 points)

    One thing you should know, however, is that OpenDNS is preventing connections to the Flashback Command & Control botnet servers, if you have been infected. So, before disabling OpenDNS, be sure to turn off Java, not JavaScript, in your browser, and get the latest Java update from Software Update, which includes a patch against the Flashback infection and a removal tool, which will run if needed.

    OpenDNS may have been protecting you all the while against this.

  • 9. Re: Conflicker virus??
    jane666 Level 1 (0 points)

    Thanks WZZZ, I'll give that a try and see what happens.

  • 10. Re: Conflicker virus??
    jane666 Level 1 (0 points)

    WZZZ, all my software updates are up to date - I installed a Java update on 14 April. So I assume this is the update which you refer to in your last reply re patch against Flashback infection? If so, can I safely go into Network and put in the 8.8.8.8 and 8.8.4.4?

    Sorry but am still a novice re Mac, so do not know what Flashback Command & Control botnet servers are. Is there a scan I can run to see if I have got any infections (like I was able to do when I had a PC)?

    Thanks again in anticipation of your assistance.

  • 11. Re: Conflicker virus??
    WZZZ Level 6 (12,220 points)

    If you're running 10.6.8 and Software Update isn't showing a Java update, then you've done everything that's needed. That update was released on 4/12, so it looks like you got it. Still, disable Java in your browser. It's hardly ever required by any sites, and even the newly patched version will almost certainly be exploited again at some point.

    I'd also recommend turning off Java completely in Java Preferences.app in Utilities. Just go in and uncheck both boxes. You can always go back in and turn it on if needed.