[dns-operations] Caching nameservers as malware distribution mechanism

Phil Regnauld regnauld at nsrc.org
Tue Mar 8 17:16:27 UTC 2011


Paul Hoffman (phoffman) writes:
> On 3/8/11 8:49 AM, David Ulevitch wrote:
> >The botnet malware they are already infected with. :-) They are really just talking about a different distribution mechanism since lots of AV systems hook into the HTTP stream already.
> 
> Thanks, that makes much more sense. It is the follow-on data, not
> the original vector.

	Aw, a slide does say "DNS is a key enabling technology for botnets".

	So DNS is dangerous.  I can already hear upper management asking IT
	departments to turn it off.

	Cheers,
	Phil



More information about the dns-operations mailing list