Conficker virus??

762 Views 11 Replies Latest reply: May 12, 2012 12:59 PM by WZZZ
jane666
May 12, 2012 7:15 AM

Hi all,

I am, from today, unable to access my home page - I get taken to:-

http://malware.opendns.com/main?url=www.cafc.co.uk%2Fpage%2FHome%2F0%2C%2C10267%2C00.html&nref=&w=1707&h=867&ifc=0

with the message:-

This host was blocked by OpenDNS in response to the Conficker virus, the Microsoft IE zero-day vulnerability, an equally serious vulnerability, or some other threat.

I don't understand what this means, and of course I need to get into my home page. Is there anything I can do?

Thanks.

iMac, Mac OS X (10.6.7)
  • WZZZ Level 6 (11,880 points)
    May 12, 2012 8:12 AM (in response to jane666)

    OpenDNS is blocking this known Windows-only threat at that site, which must have been hacked. If you aren't running Windows on a partition, then you have nothing to worry about by going there. I don't know how OpenDNS blocking works -- I use but do not subscribe to OpenDNS -- but does it allow you to go anyway, despite the warning?

     

    Can you log in to your OpenDNS account and change the settings so this is not blocked, at least temporarily until the site is cleaned?

  • WZZZ Level 6 (11,880 points)
    May 12, 2012 8:45 AM (in response to jane666)

    I tried going just to http://www.cafc.co.uk, not using your complete link and I'm seeing that the entire domain is blocked for me as well by OpenDNS. I guess an account is not needed. I would wait a bit and see if it gets cleaned up.

     

    As for not understanding why you have OpenDNS at all, go to System Preferences>Network>Advanced>DNS and report back with the numbers you have there. The ones for OpenDNS are

     

    208.67.222.222

     

    208.67.222.220

  • WZZZ Level 6 (11,880 points)
    May 12, 2012 9:19 AM (in response to jane666)

    Well, if he's aware and a sys admin, or can contact one, they should be able to disinfect the site. BTW, the conficker is old news from 2009. I didn't know it was still around. But, then again, I don't follow Windows viruses.

     

    I've checked with a few malware reporting sites, including Google Safe Browsing, and that site comes up negative. Maybe a false positive from OpenDNS? Or something brand new.

     

    Message was edited by: WZZZ

     

    If you think this shouldn't be blocked, please email us at malware-block@opendns.com.

    Ask them to investigate.

  • WZZZ Level 6 (11,880 points)
    May 12, 2012 9:39 AM (in response to jane666)

    Well, you could go into that location in Network and enter these numbers above the ones for OpenDNS. They are Google public DNS servers. They will be used first, before the ones for OpenDNS. Go back in and remove them using the minus button when this has passed over, or move them below the OpenDNS ones as a backup if the OpenDNS Servers are ever down.

     

    8.8.8.8

     

    8.8.4.4

     

    Even if there is a problem, the conficker worm can't do anything to a Mac.
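
Added example, not part of WZZZ's post: a shell script that lists the resolvers from `scutil --dns`-style output in order and labels each with its provider, so you can see whether OpenDNS or Google Public DNS comes first after editing the DNS list. The function names are hypothetical, the sample text is constructed, and the addresses are the ones quoted in this thread.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Map a resolver address to a provider, using only the addresses quoted in the thread.
provider_of() {
    case "$1" in
        208.67.222.222|208.67.222.220) echo "OpenDNS" ;;
        8.8.8.8|8.8.4.4)               echo "Google Public DNS" ;;
        *)                             echo "other" ;;
    esac
}

# Read `scutil --dns`-style text on stdin; print "address<TAB>provider" for each
# distinct nameserver, in the order it is first listed.
list_resolvers() {
    awk '/nameserver\[[0-9]+\]/ { ip = $NF; if (!seen[ip]++) print ip }' |
    while read -r ip; do
        printf '%s\t%s\n' "$ip" "$(provider_of "$ip")"
    done
}

# Provider of the first listed resolver. If this is not OpenDNS, the
# OpenDNS block page is no longer the first answer the Mac asks for.
first_provider() {
    list_resolvers | awk -F '\t' 'NR == 1 { print $2 }'
}

# Constructed sample: the Google servers entered above the OpenDNS ones,
# with one address repeated in a second resolver block.
SAMPLE='resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 8.8.4.4
  nameserver[2] : 208.67.222.222
  nameserver[3] : 208.67.222.220
resolver #2
  nameserver[0] : 8.8.8.8'

printf '%s\n' "$SAMPLE" | list_resolvers
echo "First listed: $(printf '%s\n' "$SAMPLE" | first_provider)"
# On the Mac itself: scutil --dns | list_resolvers
```
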

  • WZZZ Level 6 (11,880 points)
    May 12, 2012 9:55 AM (in response to WZZZ)

    One thing you should know, however, is that OpenDNS is preventing connections to the Flashback Command & Control botnet servers, if you have been infected. So, before disabling OpenDNS, be sure to turn off Java, not JavaScript, in your browser, and get the latest Java update from Software Update, which includes a patch against the Flashback infection and a removal tool, which will run if needed.

     

    OpenDNS may have been protecting you all the while against this.

  • WZZZ Level 6 (11,880 points)
    May 12, 2012 12:59 PM (in response to jane666)

    If you're running 10.6.8 and Software Update isn't showing a Java update, then you've done everything that's needed. That update was released on 4/12, so it looks like you got it. Still, disable Java in your browser. It's hardly ever required by any sites, and even the newly patched version will almost certainly be exploited again at some point.

     

    I'd also recommend turning off Java completely in Java Preferences.app in Utilities. Just go in and uncheck both boxes. You can always go back in and turn it on if needed.
