Malware is using DNS to avoid detection

Attackers have taken to using the Domain Name System (DNS) to communicate with their botnets, rather than more traditional avenues such as TCP and HTTP. That’s because you can generally detect the malicious traffic going through those protocols with your firewall or IDS/IPS. That’s harder to do with DNS traffic, because it doesn’t normally get inspected or filtered. Thus clever bot masters are hiding their transmissions by taking advantage of this, sending instructions to zombie (infected) computers via DNS responses. Find out more about this here:

http://www.computerworld.com/s/article/9224743/Malware_increasingly_uses_DNS_to_avoid_detection_experts_say?taxonomyId=17
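One way to start inspecting DNS responses rather than leaving them unfiltered, as an added example that is not part of the original post: a scan of resolver response logs for clients that repeatedly receive opaque, encoded-looking answer data from one parent domain. The log layout, sample lines, regex and threshold are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed resolver log, one response per line: client qname qtype rdata
# (hosts, domains and payloads are invented for this example).
SAMPLE_LOG = """\
10.0.0.5 www.example.com A 192.0.2.10
10.0.0.5 example.com TXT v=spf1 include:_spf.example.net ~all
10.0.0.9 a1.updates.example.org TXT 3a7f0c9e1b5d2846d05b7e2c9f14a386
10.0.0.9 a2.updates.example.org TXT d05b7e2c9f14a3866e1d8a3f5c02b974
10.0.0.9 a3.updates.example.org TXT 6e1d8a3f5c02b9743a7f0c9e1b5d2846
10.0.0.7 example.com MX 10 mx1.example.com
10.0.0.7 b1.updates.example.org TXT 3a7f0c9e1b5d2846d05b7e2c9f14a386
"""

# Assumed heuristic: answer data that is one unbroken hex/base64-looking token.
OPAQUE = re.compile(r"[A-Za-z0-9+/=]{32,}")
MIN_HITS = 3  # assumed threshold: opaque answers per client and parent domain


def parse(line):
    """Split a log line into (client, qname, qtype, rdata); rdata may contain spaces."""
    client, qname, qtype, rdata = line.split(None, 3)
    return client, qname.lower().rstrip("."), qtype.upper(), rdata.strip()


def parent_domain(qname):
    """Naive parent: last two labels. Real code should use the Public Suffix List."""
    return ".".join(qname.split(".")[-2:])


def find_suspects(log_text, min_hits=MIN_HITS):
    """Return {(client, parent): count} where count of opaque answers >= min_hits."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            client, qname, _qtype, rdata = parse(line)
        except ValueError:
            continue  # blank or malformed line: skip rather than abort the scan
        if OPAQUE.fullmatch(rdata):
            hits[(client, parent_domain(qname))] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for (client, parent), n in find_suspects(SAMPLE_LOG).items():
        print(f"{client} received {n} opaque answers from names under {parent}")
```

Ordinary records such as SPF, A and MX answers do not match the pattern, so only the client that keeps receiving encoded-looking data is reported; the threshold needs tuning against a baseline of your own resolver traffic.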
