[dns-operations] Malware Increasingly Uses DNS as Command and Control Channel to Avoid Detection, Experts Say

Francisco J. Gómez Rodríguez ffranz at iniqua.com
Fri Mar 9 06:29:10 UTC 2012


Hi All,

Thanks Hugo for the references.
Besides few days ago we have presented a continuation of work presented a
year ago. It's include a Data-leak over DNS that complement DNS malware
distribution showed last year. Also we are going to release a 'flu' (an
open source trojan) version that uses DNS as communication protocol.

http://www.slideshare.net/ffranz/rootedcon2012-dns-a-botnet-dialect-carlos-diaz-francisco-j-gomez

-
*@**ffranz* (cc) 2012


On Fri, Mar 9, 2012 at 12:06 AM, Hugo Salgado <hsalgado at nic.cl> wrote:

> On 03/08/2012 11:00 AM, Stephane Bortzmeyer wrote:
> > Anyone has details, published results, etc?
> >
>
> Don't know if it's the same, but last year there was a study using
> "open emitters" (free and "unauthorized" use of subdomains) and open
> resolvers to distribute malware:
> <
> http://www.slideshare.net/rootedcon/francisco-jess-gmez-carlos-juan-diaz-cloud-malware-distribution-dns-will-be-your-friend-rootedcon-2011
> >
>
> Hugo
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120309/6665547f/attachment.html>


More information about the dns-operations mailing list