Use OpenDNS to block winzipices.cn

[Jonathan Yaniv]

I am really saddened to see another worm on the loose.

The easiest way to not get infected accidently is to block winzipices.cn from your network.

There is one easy way to do this.

Go to www.opendns.com/start

Setup OpenDNS on your network by changing the DNS..

Create an account at OpenDNS, add a new network, call it home or work, what ever you please.

Go into "Settings" then "Block Individual Domains"

Add winzipices.cn to the block list

Go to command prompt, type "ipconfig /flushdns" this will flush the DNS resolver cache

Conclusion: No more risk of getting worm.

[Fit4130Rider]

I love OpenDNS so much, it's so damn fast and snappy. And I love how I can see how many DNS queries I make.

[JustGeorge]

Done, thanks :)

[Echilon]

Been using it for a couple of years. Thanks for the info. (Y)

[rpgfan]

Thanks for the heads-up. This is why I use OpenDNS. ^_^

[Ivand]

cant i just do it by editing the HOSTS file?

[JustGeorge]

cant i just do it by editing the HOSTS file?

Yes, but that only applies to the individual PC. If you have more than one PC, this is much quicker :)

[Jonathan Yaniv]

cant i just do it by editing the HOSTS file?

Yes you can, but if you have multiple computers, or manage a large network this is the easiest way.

Once you use OpenDNS to take advantage of its great features, Adware blocking :D and blocking advertising sites, etc...

One click, and no more adware gets ever loaded onto your network

[Fred Derf Veteran]

cant i just do it by editing the HOSTS file?

Just add this to the end:

127.0.0.1	winzipices.cn www.winzipices.cn

[metallithrax]

Yes you can, but if you have multiple computers, or manage a large network this is the easiest way.

Once you use OpenDNS to take advantage of its great features, Adware blocking :D and blocking advertising sites, etc...

One click, and no more adware gets ever loaded onto your network

Careful what you say there. They are a bit funny about talk of blocking adverts.

[markwolfe Veteran]

cant i just do it by editing the HOSTS file?

Sure, but if you are like I am, and have a home network, then this is sort of a one-stop-does-all type of fix, rather than going to several PCs and making changes.

EDIT: Beaten to the post about 3 times in one minute! :punch:

[Jonathan Yaniv]

I have added the domain winzipices.cn to opendns global domain tagging

I tagged it as Adware, since the Malware category isnt up yet.

http://domain.opendns.com/winzipices.cn

If everyone can vote on that domain name as adware, I can get it blocked throughout all OpenDNS users who have the "Adware" category blocked on OpenDNS.

[Jonathan Yaniv]

Update:

Now approved in the ADWARE category in OpenDNS.

[Stuge]

I'm also using OPEN DNS :D

[Jonathan Yaniv]

I'm also using OPEN DNS :D

Awesome man.

[+Mystic MVC]

Can somebody help explain what the advantage to using Open DNS is? They probably have something on their website, but I am a bit short on time today. Thanks!

[MMaster23]

nice feature but I prefer my own DNS servers as they are only 25km's away from me, low ping and on the net as my ISPs

[Jonathan Yaniv]

Can somebody help explain what the advantage to using Open DNS is? They probably have something on their website, but I am a bit short on time today. Thanks!

"OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes. We block phishing sites, give you the power to filter out adult sites and proxies among more than 50 categories, and provide the precision to block individual domains."

It also makes loading times way faster.

[+Mystic MVC]

"OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes. We block phishing sites, give you the power to filter out adult sites and proxies among more than 50 categories, and provide the precision to block individual domains."

It also makes loading times way faster.

No offense but how? How would this be different from using my ISP's? Can't I already block/filter out tons of stuff with my router?

[Jonathan Yaniv]

No offense but how? How would this be different from using my ISP's? Can't I already block/filter out tons of stuff with my router?

"OpenDNS is faster is because we run some of the largest DNS caches around and do it on our own high-performance network, running our own software. We can hold tens of millions of records and zones in local cache, saving you the extra round-trips to find the addresses.

OpenDNS gets better as our user base grows. Why? Our caches are really big. The more people using OpenDNS, the more addresses our caches are holding at any given time."

[k311]

i never thought of using this service before, im glad i read this topic

[+Mystic MVC]

I guess I am just a bit hesitant to use it because I have such a delicate network structure here at home. How difficult is it to implement?

[Jonathan Yaniv]

You just go into your Network adapter settings, click properties, change the DNS server address, reboot your computer.

Thats the simpliest way

If you have a router, change the DNS servers of your router.

Its really easy..

http://www.opendns.com/start

i never thought of using this service before, im glad i read this topic

The technology they use is simply amazing.. and it keeps getting better every day. Each day I hear about new improvements or ideas to the backend and frontend of OpenDNS and they are just simply amazing.

[[deXter]]

Does anyone have any details on the malware itself? What browsers does it affect? What exactly does the malware do, etc? Or better yet, can someone upload the actual malware someplace?

[Jonathan Yaniv]

Does anyone have any details on the malware itself? What browsers does it affect? What exactly does the malware do, etc? Or better yet, can someone upload the actual malware someplace?

Too risky.

But this is what i could find

"WinZipIces.cn - Several thousand websites have been hacked by a MySQL exploit that redirects visitors to WinZipIces.cn where a phishing trojan is downloaded onto your PC.

Prominent sites affected by the WinZipIces.cn hack are WiredSeniors.com, CGSI.org, MoviesUnlimited, SeniorsTravelGuide.com, CancerIssues.com, USSC.edu, UCLA.edu, telluride-co.gov, and thousands more hacked websites which are similarly infected worldwide.

The WinZipIces phishing exploit launched by Chinese hackers using an automated script that searches for an unpatched SQL vulnerability on web servers downloads two files onto visitors computers, JS_DLOADER.AEHM and TROJ_REALPLAY.BR.

Both these initial files in turn download TROJ_AGENT.AKVP onto the infected system of visitors to these hacked websites.

Users should make sure their own personal computers are not infected by the WinZipIces hack by having current antivirus software and firewalls installed and active on their PCs.

You can go to download.com (a site run by PC Week & CNET) to get free versions of AVG antivirus and Zone Labs personal firewall there, so there?s no excuse for letting your own PC get hacked.

Website hosting providers should check their servers to be sure all patches have been applied to vulnerable servers. Experts expect the wave of infected sites to continue for the next week to ten days."

http://a11news.com/95/winzipices-cn/