Trojan uses a key internet feature to receive marching orders

You can't easily stop this malware in its tracks.
Jon Fingas, @jonfingas
March 6, 2017

If malware uses a remote command-and-control server to function, it's relatively easy to cripple it by blocking the internet addresses it uses. It's not always that easy, however, and researchers at Cisco's Talos group have found a textbook example of this in action. A recently discovered Windows PowerShell trojan, DNSMessenger, uses the Domain Name System for communication -- you know, one of the cornerstones of the internet. Few computer users are equipped to block DNS without causing other problems, and they might not notice unusual data traffic even if they're looking for it. While using DNS isn't completely unheard of, DNSMessenger uses an "extremely uncommon" two-way approach that both sends commands to victim machines and sends results back to the attacker.

It's not certain what the malware writers were hoping to accomplish, although the code trash-talks Cisco's own Sourcefire security hardware. This was likely aimed at specific targets rather than a carpet-bombing campaign.

The good news? You probably won't run into this. The malware is currently distributed in specially coded Word documents, and Cisco recently launched a product (Umbrella) specifically designed to counter DNS-based attacks like this. Even so, this shows just how stealthy attacks can get -- and since individuals don't usually have access to corporate tools like Umbrella, you'll still have to be extra-careful about the Word files you receive online.
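Where DNS can't simply be blocked, resolver logs can still be searched for the traffic pattern a two-way DNS channel tends to leave. The following Python is an added example, not code from Cisco Talos or the original article: it flags a client that sends many distinct, long, high-entropy names to one domain. The log format, the thresholds, the sample entries and the idea that data rides in encoded subdomain labels are assumptions made for illustration, not details of DNSMessenger given in the article.

```python
import math
from collections import Counter, defaultdict

HEX = "0123456789abcdef"
# Constructed sample DNS query log as (client_ip, query_name); not real indicators.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn-assets-static-01.example.net"),  # long label, seen only once
] + [("10.0.0.5", f"{(HEX * 3)[i:i + 32]}.tunnel.example") for i in range(5)]


def entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def find_dns_channels(log, min_unique=4, min_len=20, min_entropy=3.0):
    """Return (client, base_domain, unique_names) where one client sent many
    distinct long, high-entropy subdomains to the same base domain."""
    seen = defaultdict(set)
    for client, qname in log:
        labels = qname.rstrip(".").lower().split(".")
        # Assumption: the registered domain is the last two labels. A real
        # deployment would use the Public Suffix List instead.
        base, sub = ".".join(labels[-2:]), "".join(labels[:-2])
        # Short names are skipped before entropy() is called on them.
        if len(sub) >= min_len and entropy(sub) >= min_entropy:
            seen[(client, base)].add(sub)
    return sorted((client, base, len(subs))
                  for (client, base), subs in seen.items()
                  if len(subs) >= min_unique)


if __name__ == "__main__":
    for client, base, count in find_dns_channels(SAMPLE_LOG):
        print(f"{client} sent {count} encoded-looking names to {base}")
```

The single long CDN-style hostname passes the length and entropy checks but is not reported, because the signal is the number of distinct encoded-looking names per client and domain, not any one name.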
