Malicious DNS lookup detected by OpenDNS

0

Upon logging into my OpenDNS dashboard, I got this happy message:

Malware/Botnet Activity Detected
Activity    Label    IP               Last seen
Malware     Home     107.2.178.118    Sep 9, 2012, 12:06am MDT

Here are the stats:

Rank    Domain                    Reason     Requests
1       js.tongji.linezing.com    Malware    2

From what I gather, this indicates that I visited a website at some point this morning that had been infected with a script of some kind which initiated the DNS lookup. I get the impression it's not anything that's installed on my machine, which would explain why Microsoft Security Essentials didn't detect anything.

I also understand that the DNS lookup could have been made by any device on my network that's using OpenDNS and there's no easy way to figure out which. But, even if it happened on another device, it sounds like there's nothing I can do about it but be more careful about the websites I visit.

Sound right? Or could one of MY devices be infected?

Big McLargeHuge

Posted 2012-09-09T19:43:17.900

Reputation: 449

This might be on the wrong site. Should I move it to Stack Overflow or something else? – Big McLargeHuge – 2012-09-09T19:44:26.950

Answers

3

What it indicates is that something on your network issued a DNS request to that DNS name.

You are correct in saying that it is not telling you which device on your network has done this. Assuming you are a user with a standard NATted residential ISP setup, there really isn't a way it can with the standard DNS protocol.

While no antivirus is 100% foolproof, it seems to me that it's more likely that OpenDNS is intercepting the lookup to this site because the site itself may be infected, and that visiting the site may cause an exploit to occur that may try to infect your system.

Possible situations you may be in:

  • You may be actually infected with something attempting to contact this domain name.
  • You may have tried to visit a website, and the website attempted to redirect you to this address.
  • You may have visited a website that sported compromised ads by an ad provider, or a website that was compromised and attempting to redirect you to this domain.

LawrenceC

Posted 2012-09-09T19:43:17.900

Reputation: 63 487

Any chance it could be a bad Firefox extension? I have a ton of those. – Big McLargeHuge – 2012-09-09T23:22:07.000
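The answer above is right that the upstream resolver (OpenDNS) only sees the router's public address, so it cannot say which LAN device asked for js.tongji.linezing.com. The place that can see the client address is a query-logging resolver on the LAN itself, such as the dnsmasq that runs on many home routers with `log-queries` enabled. The following is an added example, not code from the question or the answer, that parses dnsmasq-style query log lines and reports which internal client looked up a flagged domain (including its subdomains). The log lines are constructed for the example; the client addresses and timestamps are made up.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq "log-queries" format (not taken from the page).
# 208.67.222.222 is a real OpenDNS resolver address; the client IPs are invented.
SAMPLE_LOG = """\
Sep  9 00:05:58 dnsmasq[812]: query[A] www.example.com from 192.168.1.10
Sep  9 00:05:58 dnsmasq[812]: forwarded www.example.com to 208.67.222.222
Sep  9 00:06:01 dnsmasq[812]: query[A] js.tongji.linezing.com from 192.168.1.23
Sep  9 00:06:01 dnsmasq[812]: forwarded js.tongji.linezing.com to 208.67.222.222
Sep  9 00:06:40 dnsmasq[812]: query[AAAA] js.tongji.linezing.com from 192.168.1.23
Sep  9 00:07:12 dnsmasq[812]: query[A] cdn.example.net from 192.168.1.10
"""

# Only "query[...]" lines carry the requesting client; "forwarded"/"reply" lines do not.
QUERY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def flagged_domain_for(name, flagged):
    """Return the flagged domain that `name` equals or is a subdomain of, else None."""
    name = name.lower().rstrip(".")
    for dom in flagged:
        dom = dom.lower().rstrip(".")
        if name == dom or name.endswith("." + dom):
            return dom
    return None


def attribute_queries(log_text, flagged):
    """Map each flagged domain to {client_ip: [(timestamp, qtype), ...]}.

    This is what the upstream resolver cannot tell you: which LAN host asked.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # not a client query line
        dom = flagged_domain_for(m["name"], flagged)
        if dom is not None:
            hits[dom][m["client"]].append((m["ts"], m["qtype"]))
    return {d: dict(c) for d, c in hits.items()}


if __name__ == "__main__":
    for dom, clients in attribute_queries(SAMPLE_LOG, {"js.tongji.linezing.com"}).items():
        for client, queries in clients.items():
            print(f"{dom}: {client} queried it {len(queries)}x, first at {queries[0][0]}")
```

The device the report points at is where to run the malware scan and check browser extensions; a single lookup with no repeats is more consistent with a page or ad redirect than with an installed implant that would keep calling home.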