discussion Malware in DNS

[moocow]

Not a network guy so the article is slightly over my head. From what I could understand, parts of a malware is divided into parts and embed into a DNS. AI is used to recombine the code and deploy it.

https://www.techspot.com/news/108707-hackers-now-hiding-malware-dns-using-ai-reassemble.html

 

[anabioz]

Not a network guy so the article is slightly over my head. From what I could understand, parts of a malware is divided into parts and embed into a DNS. AI is used to recombine the code and deploy it.

https://www.techspot.com/news/108707-hackers-now-hiding-malware-dns-using-ai-reassemble.html

Clever, until detected. Use Quad9 DNS.

 

[JD]

Hopefully Quad9 (9.9.9.9) and Cloudflare's "Security" (1.1.1.2) DNS can do something to prevent this in the future, though I'm not entirely sure how. They'd have to somehow validate that the TXT record contains "valid" data, but I'm not sure what they'd really be checking it against.

I suppose realistically it's more on the anti-malware solution on your client device to prevent such code execution. How the code gets to your machine isn't really the issue, it's whether it's allowed to run or not.

 

[anabioz]

Hopefully Quad9 (9.9.9.9) and Cloudflare's "Security" (1.1.1.2) DNS can do something to prevent this in the future, though I'm not entirely sure how. They'd have to somehow validate that the TXT record contains "valid" data, but I'm not sure what they'd really be checking it against.

I suppose realistically it's more on the anti-malware solution on your client device to prevent such code execution. How the code gets to your machine isn't really the issue, it's whether it's allowed to run or not.

I concur, it is not easy.