Use OpenDNS to block winzipices.cn

By Jonathan Yaniv
in Back Page News

 Share

Recommended Posts

Explorer

Jonathan Yaniv

Posted
Posted

I am really saddened to see another worm on the loose.

The easiest way to not get infected accidently is to block winzipices.cn from your network.

There is one easy way to do this.

Go to www.opendns.com/start

Setup OpenDNS on your network by changing the DNS..

Create an account at OpenDNS, add a new network, call it home or work, what ever you please.

Go into "Settings" then "Block Individual Domains"

Add winzipices.cn to the block list

Go to command prompt, type "ipconfig /flushdns" this will flush the DNS resolver cache

Conclusion: No more risk of getting worm.

Link to comment
https://www.neowin.net/forum/topic/635979-use-opendns-to-block-winzipicescn/
Share on other sites
Explorer

Jonathan Yaniv

Posted
  • Author
Posted
cant i just do it by editing the HOSTS file?

Yes you can, but if you have multiple computers, or manage a large network this is the easiest way.

Once you use OpenDNS to take advantage of its great features, Adware blocking :D and blocking advertising sites, etc...

One click, and no more adware gets ever loaded onto your network

Grand Master

metallithrax

Posted
Posted
Yes you can, but if you have multiple computers, or manage a large network this is the easiest way.

Once you use OpenDNS to take advantage of its great features, Adware blocking :D and blocking advertising sites, etc...

One click, and no more adware gets ever loaded onto your network

Careful what you say there. They are a bit funny about talk of blocking adverts.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted (edited)
cant i just do it by editing the HOSTS file?

Sure, but if you are like I am, and have a home network, then this is sort of a one-stop-does-all type of fix, rather than going to several PCs and making changes.

EDIT: Beaten to the post about 3 times in one minute! :punch:

Explorer

Jonathan Yaniv

Posted
  • Author
Posted

I have added the domain winzipices.cn to opendns global domain tagging

I tagged it as Adware, since the Malware category isnt up yet.

http://domain.opendns.com/winzipices.cn

If everyone can vote on that domain name as adware, I can get it blocked throughout all OpenDNS users who have the "Adware" category blocked on OpenDNS.

Explorer

Jonathan Yaniv

Posted
  • Author
Posted
Can somebody help explain what the advantage to using Open DNS is? They probably have something on their website, but I am a bit short on time today. Thanks!

"OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes. We block phishing sites, give you the power to filter out adult sites and proxies among more than 50 categories, and provide the precision to block individual domains."

It also makes loading times way faster.

Grand Master

+Mystic MVC

Posted
  • MVC
Posted
"OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes. We block phishing sites, give you the power to filter out adult sites and proxies among more than 50 categories, and provide the precision to block individual domains."

It also makes loading times way faster.

No offense but how? How would this be different from using my ISP's? Can't I already block/filter out tons of stuff with my router?

Explorer

Jonathan Yaniv

Posted
  • Author
Posted
No offense but how? How would this be different from using my ISP's? Can't I already block/filter out tons of stuff with my router?

"OpenDNS is faster is because we run some of the largest DNS caches around and do it on our own high-performance network, running our own software. We can hold tens of millions of records and zones in local cache, saving you the extra round-trips to find the addresses.

OpenDNS gets better as our user base grows. Why? Our caches are really big. The more people using OpenDNS, the more addresses our caches are holding at any given time."

Explorer

Jonathan Yaniv

Posted
  • Author
Posted

You just go into your Network adapter settings, click properties, change the DNS server address, reboot your computer.

Thats the simpliest way

If you have a router, change the DNS servers of your router.

Its really easy..

http://www.opendns.com/start

i never thought of using this service before, im glad i read this topic

The technology they use is simply amazing.. and it keeps getting better every day. Each day I hear about new improvements or ideas to the backend and frontend of OpenDNS and they are just simply amazing.

Explorer

Jonathan Yaniv

Posted
  • Author
Posted

Does anyone have any details on the malware itself? What browsers does it affect? What exactly does the malware do, etc? Or better yet, can someone upload the actual malware someplace?

Too risky.

But this is what i could find

"WinZipIces.cn - Several thousand websites have been hacked by a MySQL exploit that redirects visitors to WinZipIces.cn where a phishing trojan is downloaded onto your PC.

Prominent sites affected by the WinZipIces.cn hack are WiredSeniors.com, CGSI.org, MoviesUnlimited, SeniorsTravelGuide.com, CancerIssues.com, USSC.edu, UCLA.edu, telluride-co.gov, and thousands more hacked websites which are similarly infected worldwide.

The WinZipIces phishing exploit launched by Chinese hackers using an automated script that searches for an unpatched SQL vulnerability on web servers downloads two files onto visitors computers, JS_DLOADER.AEHM and TROJ_REALPLAY.BR.

Both these initial files in turn download TROJ_AGENT.AKVP onto the infected system of visitors to these hacked websites.

Users should make sure their own personal computers are not infected by the WinZipIces hack by having current antivirus software and firewalls installed and active on their PCs.

You can go to download.com (a site run by PC Week & CNET) to get free versions of AVG antivirus and Zone Labs personal firewall there, so there?s no excuse for letting your own PC get hacked.

Website hosting providers should check their servers to be sure all patches have been applied to vulnerable servers. Experts expect the wave of infected sites to continue for the next week to ten days."

http://a11news.com/95/winzipices-cn/

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.