Latest in Gear

Image credit: De Agostini/Getty Images

Trojan uses a key internet feature to receive marching orders

You can't easily stop this malware in its tracks.
588 Shares
Share
Tweet
Share
Save

Sponsored Links

De Agostini/Getty Images

If malware uses a remote command-and-control server to function, it's relatively easy to cripple it by blocking the internet addresses it uses. It's not always that easy, however, and researchers at Cisco's Talos group have found a textbook example of this in action. A recently discovered Windows PowerShell trojan, DNSMessenger, uses the Domain Name Service for communication -- you know, one of the cornerstones of the internet. Few computer users are equipped to block DNS without causing other problems, and they might not notice unusual data traffic even if they're looking for it. While using DNS isn't completely unheard of, DNSMessenger uses an "extremely uncommon" two-way approach that both sends commands to victim machines and sends results back to the attacker.

It's not certain what the malware writers were hoping to accomplish, although the code trash-talks Cisco's own SourceFire security hardware. This was likely aimed at specific targets rather than a carpet bombing campaign.

The good news? You probably won't run into this. The malware is currently distributed in specially coded Word documents, and Cisco recently launched a product (Umbrella) specifically designed to counter DNS-based attacks like this. Even so, this shows just how stealthy attacks can get -- and when individuals don't usually have access to corporate tools like Umbrella, you'll still have to be extra-careful about the Word files you receive online.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
588 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Watch the first trailer for HBO's 'Avenue 5' sci-fi space comedy

Watch the first trailer for HBO's 'Avenue 5' sci-fi space comedy

View
John Legere is stepping down as T-Mobile CEO next April

John Legere is stepping down as T-Mobile CEO next April

View
Amazon cuts the price of the Google Pixel 3a to $299

Amazon cuts the price of the Google Pixel 3a to $299

View
Logitech unveils an affordable button kit for the Xbox Adaptive Controller

Logitech unveils an affordable button kit for the Xbox Adaptive Controller

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr