[dns-operations] Caching nameservers as malware distribution mechanism
Paul Hoffman
phoffman at proper.com
Tue Mar 8 15:56:41 UTC 2011
On 3/8/11 2:46 AM, Roberto Navarro - TusProfesionales.es wrote:
> It was disclosed past week at rootedcon (www.rootedcon.es):
>
> http://www.slideshare.net/rootedcon/francisco-jess-gmez-carlos-juan-diaz-cloud-malware-distribution-dns-will-be-your-friend-rootedcon-2011
Could you explain a bit about how the malware would be activated? That
is, the slides just seem to show how you can get zipped malware into DNS
caches. How would a user who is tricked into retrieving those records
actually have the malware unzipped and executed? What processes would do
that?
More information about the dns-operations
mailing list