TrendLabs Malware Blog - Trend Micro
A proof-of-concept (PoC) backdoor was recently discovered that uses the DNS protocol, instead of the usual IRC channels, to exchange information between zombie systems and bot masters.

Detected by Trend Micro as BKDR_FONAMEBOT.A, it contains a predefined list of domain names in its body. From the list, it randomly chooses a domain name and then sends a query to a malicious DNS server. The random choice is meant to foil easy detection. The DNS server queried is believed to be the default DNS server of the affected system. However, if this server is unknown, the query is sent to the malicious user's DNS server instead. Once the malicious DNS server receives the request, its reply to the query lets the backdoor perform commands that can eventually compromise systems.

This backdoor can further cloak its communication capabilities, and compromised DNS servers can be used to cover the tracks of remote malicious users. It may have just blazed a new trail for backdoors. Greater adoption of the same tactic would mean that users could be more vulnerable to phishing, and perhaps it's time DNS traffic was looked into more closely by anti-malware products.
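One way to look at DNS traffic for the behavior described above, as an added example that is not Trend Micro's code: it flags clients that query several distinct names from a watchlist (a random pick from a fixed list touches more entries over time) and clients that send DNS queries to a resolver other than the approved one. The log format, watchlist domains, addresses and threshold are constructed assumptions, not values from the article.

```python
from collections import defaultdict

# Constructed inputs (assumptions for illustration, not indicators from the article).
WATCHLIST = {"alpha.example", "bravo.example", "charlie.example", "delta.example"}
APPROVED_RESOLVERS = {"10.0.0.53"}
MIN_DISTINCT = 3  # distinct watchlist names before a client is flagged

# Constructed log, one query per line: "<epoch> <client_ip> <resolver_ip> <qname>"
SAMPLE_LOG = """\
1000 10.0.1.15 10.0.0.53 www.example.org.
1010 10.0.1.20 10.0.0.53 bravo.example.
1020 10.0.1.15 10.0.0.53 Charlie.Example.
1030 10.0.1.15 10.0.0.53 alpha.example.
1040 10.0.1.15 10.0.0.53 charlie.example.
1050 10.0.1.15 10.0.0.53 delta.example.
1060 10.0.1.31 203.0.113.9 bravo.example.
malformed line
"""

def watchlist_match(qname):
    """Return the watchlist domain that qname equals or sits under, else None."""
    labels = qname.rstrip(".").lower().split(".")  # DNS names are case-insensitive
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in WATCHLIST:
            return candidate
    return None

def analyze(log_text):
    """Return (clients cycling through the watchlist, clients using unapproved resolvers)."""
    hits = defaultdict(set)      # client -> distinct watchlist domains queried
    off_path = defaultdict(set)  # client -> resolvers outside the approved set
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the whole run
        _, client, resolver, qname = parts
        if resolver not in APPROVED_RESOLVERS:
            off_path[client].add(resolver)
        domain = watchlist_match(qname)
        if domain:
            hits[client].add(domain)
    cycling = {c: sorted(d) for c, d in hits.items() if len(d) >= MIN_DISTINCT}
    return cycling, {c: sorted(r) for c, r in off_path.items()}

if __name__ == "__main__":
    cycling, off_path = analyze(SAMPLE_LOG)
    print("cycling through watchlist:", cycling)
    print("using unapproved resolvers:", off_path)
```

A single watchlist hit (10.0.1.20 here) stays below the threshold, while repeated queries for the same name count once, so only a client that spreads its lookups across the list is reported.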



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice