Friday, April 15, 2011

Is OpenDNS Using Scare Tactics to Get Users to Upgrade?

I've been a long-time user of OpenDNS. The free service allows you to add customizable content filtering for all internet activity on your network and provides extremely fast DNS look-up results, making browsing faster. OpenDNS even tracks statistics on network activity and puts it in a handy dashboard. When I logged in to my OpenDNS Dashboard recently, I noticed an alert informing me that there was "Malware/Botnet Activity Detected" on my network. The Dashboard prompted me to check my stats so that I could supposedly track down whatever malware may or may not be active on my network.
If you attempt to view the stats with a free account, you are taken to a page that prompts you to pay for an upgrade: "You’re going further back in time than your plan allows. Have you considered upgrading? Let’s do this."
This tactic seems a little like some of those anti-malware programs that claim to have found an evil program on your computer and if you pay for the upgrade it will clean up the infection. I'm obsessive about making sure all devices on my network have the latest OS patches and anti-malware definitions. Perhaps the malware/botnet activity was from a visiting device, a false positive, or maybe some devices on my network really are infected. Curiously though, the last activity was seen Jan 16--quite a while ago.

Has anyone else seen malware/botnet activity detected in their OpenDNS network stats? For those of you who may have upgraded to a paid OpenDNS account, what is the benefit of upgrading? Does it provide sufficient information to track down any potential threats on your network, or is this just a scare tactic?


  1. Unfortunately, it is more than likely that there is some malware activity going on. I recently had an incident, where I was getting the botnet/malware alert (I have been a long time OpenDNS user of the Free Product) and by using a tcp_dump feature on my firewall found the device that was trying to phone home. It turned out it was a contractor, who was using his own laptop on site. After I brought this to his attention he used Malwarebytes to clean up his system, at which point the alerts ceased. Anyway, just my $0.02 on the matter.

  2. Yeah, it must have been a visiting family member, in which case, I may or may not be getting a phone call soon for a request to come clean up the laptop. :-)

  3. I use several apps that will send ICMP ping requests to any given host I choose, to monitor the quality in real time of my Internet connection. These tools will show packet loss, latency, etc. I think that OpenDNS may see these as malware, botnet, etc.

  4. I recently had a similar issue, but after all it turned out to be my modem sending out thousands of requests after I unplugged my router for the night.
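
One way to do what the first comment describes, attributing DNS lookups to an internal device from a capture taken on the firewall or router (an added example, not code from the post or its commenters). It assumes text output from `tcpdump -n udp port 53`; the capture lines, client addresses and the watchlisted domain are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n udp port 53` text output (not real traffic).
SAMPLE_CAPTURE = """\
09:14:02.118734 IP 192.168.1.23.51812 > 208.67.222.222.53: 4121+ A? www.example.com. (33)
09:14:02.140211 IP 208.67.222.222.53 > 192.168.1.23.51812: 4121 1/0/0 A 192.0.2.10 (49)
09:14:05.902113 IP 192.168.1.57.60233 > 208.67.222.222.53: 771+ A? c2.botnet-placeholder.invalid. (47)
09:14:35.903877 IP 192.168.1.57.60234 > 208.67.220.220.53: 772+ [1au] A? c2.botnet-placeholder.invalid. (58)
09:15:05.905020 IP 192.168.1.57.60235 > 208.67.222.222.53: 773+ AAAA? update.botnet-placeholder.invalid. (51)
09:15:10.000412 IP 192.168.1.23.51813 > 208.67.222.222.53: 4122+ A? mail.example.org. (34)
"""
# Assumption: a domain list taken from a blocklist or threat feed; this entry is a placeholder.
WATCHLIST = {"botnet-placeholder.invalid"}

# Outbound queries only: "<time> IP <client>.<port> > <resolver>.53: <id><flags> <TYPE>? <name>"
QUERY_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.\d+ > \d+(?:\.\d+){3}\.53: "
    r"\d+\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)

def queries_by_client(capture_text):
    """Map each querying client IP to {queried name: number of queries}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in capture_text.splitlines():
        m = QUERY_RE.match(line)
        if m:  # responses and non-DNS lines do not match and are skipped
            name = m.group("name").rstrip(".").lower()
            seen[m.group("src")][name] += 1
    return seen

def suspects(capture_text, watchlist):
    """Return {client: {name: count}} for names at or below a watchlisted domain."""
    hits = {}
    for client, names in queries_by_client(capture_text).items():
        matched = {n: c for n, c in names.items()
                   if any(n == d or n.endswith("." + d) for d in watchlist)}
        if matched:
            hits[client] = matched
    return hits

if __name__ == "__main__":
    for client, names in suspects(SAMPLE_CAPTURE, WATCHLIST).items():
        for name, count in sorted(names.items()):
            print(f"{client} queried {name} x{count}")
```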