[dns-operations] Caching nameservers as malware distribution mechanism

Roberto Navarro - TusProfesionales.es rnavarro at tusprofesionales.es
Tue Mar 8 17:41:00 UTC 2011

It seems a better, more efficient, persistent and cheap mechanism that a web 

Roberto Navarro

Abansys & Hostytec S.L.
Cl. Charles Robert Darwin, 20 (Parque Tecnológico)
46980 Paterna - Valencia
Telf. 902 999 019

----- Original Message ----- 
From: "Phil Regnauld" <regnauld at nsrc.org>
To: "Paul Hoffman" <phoffman at proper.com>
Cc: <dns-operations at mail.dns-oarc.net>; "David Ulevitch" <david at opendns.com>
Sent: Tuesday, March 08, 2011 6:16 PM
Subject: Re: [dns-operations] Caching nameservers as malware distribution 

> Paul Hoffman (phoffman) writes:
>> On 3/8/11 8:49 AM, David Ulevitch wrote:
>> >The botnet malware they are already infected with. :-) They are really 
>> >just talking about a different distribution mechanism since lots of AV 
>> >systems hook into the HTTP stream already.
>> Thanks, that makes much more sense. It is the follow-on data, not
>> the original vector.
> Aw, a slide does say "DNS is a key enabling technology for botnets".
> So DNS is dangerous.  I can already hear upper management asking IT
> departments to turn it off.
> Cheers,
> Phil
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list