
Dialnet


Detecting and tracking the rise of DGA-based malware

  • Authors: Manos Antonakakis, Roberto Perdisci, Nikolaos Vasiloglou, Wenke Lee
  • Published in: ;login:: the magazine of USENIX & SAGE, ISSN 1044-6397, Vol. 37, No. 6, 2012, pp. 15-24
  • Language: English
  • Full text not available
  • Abstract
    • When bots go in search of their command and control (C&C) servers, they often use algorithmically generated domain names (DGAs). We have created a system (Pleiades) that watches unsuccessful DNS resolution requests (NXDomain) from recursive DNS servers in large networks. Pleiades can reliably identify new clusters of NXDomains generated by DGAs, the newly infected hosts, and often, the actual C&C servers the DGA malware employs. In this article, we explain how our system works, as well as the most interesting information about current bot infections and C&C structures.

