Researchers Reveal a Rise in Domain Generation Algorithms

According to new research by Damballa, the evasion (or obfuscation) methods used by malware increasingly include domain generation algorithms (DGAs), as reported by CYBERLEAKS on March 12, 2012.

DGAs let malware bypass blacklists, signature files and reputation-based systems, and let botnet operators hide their command-and-control servers from signature-based security tools by using an algorithm to spread dynamically across many servers rather than using static servers, which are easily located, observed Gunter Ollmann, Vice President of Research at Damballa.

According to Damballa, six families use these methods: the latest Zeus variant, Bamital, Bankpatch, Bonnana, Expiro.Z and Shiz. Bankpatch is the oldest of them and has relied on DGAs the longest.

The concept of a DGA is simple but remarkably sly, Damballa said. Malware infecting an endpoint is coded with an algorithm that uses a 'seed' value, such as the current date, to generate a potentially large number of apparently random domain names, which the malware then attempts to resolve to IP addresses until it finds one the operator has actually registered.
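To make that mechanism concrete, the following is an added example, not code from the page, from Damballa, or from any of the named families: a constructed, date-seeded toy DGA alongside the defender-side countermeasure the date seed makes possible, namely pre-computing the domains for the coming days and matching DNS query logs against them. The hard-coded secret, the domain count, the TLD list, the log format and the IP addresses are all assumptions.

```python
import datetime
import hashlib

# Constructed example: a toy date-seeded DGA and the matching defender-side check.
# It is NOT the algorithm of Zeus, Bamital, Bankpatch or any other real family;
# the secret, domain count, TLD list and log format are all assumptions.

TLDS = ("com", "net", "org", "info")
SECRET = b"example-family-seed"          # hard-coded in the hypothetical sample

TODAY = datetime.date(2012, 3, 12)
YESTERDAY = TODAY - datetime.timedelta(days=1)
TOMORROW = TODAY + datetime.timedelta(days=1)


def dga_domains(day, count=50):
    """Derive `count` pseudo-random domains from the date.

    seed = SHA-256(secret || YYYY-MM-DD); each further domain is taken from the
    next link of a hash chain, so every infected host computes the same list for
    a given day and a new, unrelated list the next day.
    """
    state = hashlib.sha256(SECRET + day.isoformat().encode()).digest()
    domains = []
    for _ in range(count):
        state = hashlib.sha256(state).digest()
        length = 8 + state[0] % 8                              # 8..15 letters
        label = "".join(chr(ord("a") + b % 26) for b in state[1:1 + length])
        domains.append(f"{label}.{TLDS[state[31] % len(TLDS)]}")
    return domains


def build_blocklist(day, days_ahead=1, count=50):
    """Defender side: once the algorithm is reversed, the date seed lets us
    pre-compute (and sinkhole or block) the domains for today and the next
    `days_ahead` days, before the operator registers any of them."""
    names = set()
    for offset in range(days_ahead + 1):
        names.update(dga_domains(day + datetime.timedelta(days=offset), count))
    return names


def flag_queries(log_lines, blocklist):
    """Return (client, qname) for every DNS query whose name is on the blocklist.
    Assumed log format: '<timestamp> <client-ip> <rcode> <qname>'."""
    hits = []
    for line in log_lines:
        _ts, client, _rcode, qname = line.split()
        if qname.lower().rstrip(".") in blocklist:
            hits.append((client, qname))
    return hits


def sample_log(day):
    """Constructed DNS log: one clean host, and one infected host walking the
    first five DGA domains (NXDOMAIN until the operator's live one resolves)."""
    benign = ("www.example.com", "mail.example.org", "cdn.example.net")
    lines = [f"{day}T09:00:0{i} 10.0.0.7 NOERROR {q}" for i, q in enumerate(benign)]
    candidates = dga_domains(day)[:5]
    for i, q in enumerate(candidates):
        rcode = "NOERROR" if i == len(candidates) - 1 else "NXDOMAIN"
        lines.append(f"{day}T09:01:0{i} 10.0.0.5 {rcode} {q}")
    return lines


if __name__ == "__main__":
    log = sample_log(TODAY)
    print("Today's first domains:", dga_domains(TODAY)[:3])
    print("Hits with a current list:", flag_queries(log, build_blocklist(TODAY)))
    # A static list built from yesterday's domains sees nothing today.
    print("Hits with yesterday's list:",
          flag_queries(log, build_blocklist(YESTERDAY, days_ahead=0)))
```

Two points the code makes that the paragraph only implies: a blocklist frozen from yesterday's domains matches nothing today, which is exactly why static blacklists fail against a DGA, and the infected host's burst of NXDOMAIN answers for random-looking names is itself a detection signal that does not require knowing the algorithm at all.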

The Damballa research team stressed that DGAs are not dead; on the contrary, they are already in criminal use at a considerable rate, typically as a backup strategy. Even when a crimeware family is well known and its conventional C&C infrastructure is blocked or disrupted, the DGA contingency plan kicks in and lets the crimeware fetch new instructions and upload stolen data.

The authors of the Conficker variants experimented with a number of algorithms but did not succeed in building a consistent botnet. Despite those flaws, Conficker-infected machines still account for a sizeable fraction of known malware infections around the world, years after the threat was examined in depth and protection has become available everywhere.

Although adding DGAs to already stealthy, actively updated crimeware is a serious threat to corporate security, it should be noted that criminal operators now use the technique in tandem with the timely registration, addition and removal of C&C servers and domain names and the configuration of their DNS. Professional cyber crooks are tuning their deployments for minimum exposure and maximum profit.

» SPAMfighter News - 17-03-2012
