Malware to increasingly abuse DNS
Security researchers have looked at ways to abuse the domain-name service (DNS) for years. Now, some researchers are warning the protocol may increasingly be used to help criminals communicate with compromised systems.
At the RSA Conference in February, a senior security consultant with InGuardians predicted more malware would hide its commands and exfiltrated data in DNS packets. The advantage for malware writers is that, even if a company bars a potentially infected computer from contacting the Internet, malware could send DNS requests to a local server, which would then act as a proxy, bypassing defenses. To date, the tactic has been relatively rare: Perhaps a dozen malware variants have used the domain-name system to send commands and updates to botnets.