Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Trojan uses a key internet feature to receive marching orders

$
0
0

Trojan uses a key internet feature to receive marching orders

If malware uses a remote command-and-control server to function, it's relatively easy to cripple it by blocking the internet addresses it uses. It's not always that easy, however, and researchers at Cisco's Talos group have found a textbook example of this in action. A recently discovered windows PowerShelltrojan, DNSMessenger, uses the Domain Name Service for communication -- you know, one of the cornerstones of the internet. Few computer users are equipped to block DNS without causing other problems, and they might not notice unusual data traffic even if they're looking for it. While using DNS isn't completely unheard of, DNSMessenger uses an "extremely uncommon" two-way approach that both sends commands to victim machines and sends results back to the attacker.


Viewing all articles
Browse latest Browse all 12749

Trending Articles