The PushDo botnet recently resurfaced yet again, this time with domain generation algorithm (DGA) capabilities.
Could you explain what DGA is and the threat it poses?
Ask the Expert
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
The domain generation algorithm (DGA) is a method malware writers use to dynamically create domain names in malware. Once the domain name is registered, the malware can connect to the command-and-control (C&C) infrastructure. This dynamic generation of a domain name makes it is far more difficult for enterprises to block external websites or domain names and, in turn, prevent malware from accessing its C&C infrastructure.
If an external website or domain name is in fact deemed malicious and either blocked on the enterprise network or removed, the malware is able to generate a new name to connect to another C&C server.
Dynamically generating a domain name also allows malware authors more flexibility, as the domain name does not need to be embedded in the malware. If it is embedded, security researchers would be able to dissect the malware, extract the domain name and then stop it from being used for malicious activity. This also allows researchers to investigate the C&C infrastructure in depth before it gets taken down.
Fortunately, researchers have identified methods that could be used to detect DGA capabilities to help stop malware that leverages DGA. While that's an interesting development, it remains to be seen whether they will prove to be beneficial techniques over the long term for giving new life to botnets like PushDo.
Dig deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis, Enterprise Threats
Researchers reportedly succeeded in extracting decryption keys using sound-based attacks. Is this a threat enterprises should worry about?continue reading
The amount of malware using peer-to-peer communications has increased dramatically. Enterprise threats expert Nick Lewis explains how to detect P2P ...continue reading
Cloaked malware, like DGA.Changer, can reportedly evade sandbox detection. Nick Lewis explains how to handle the risk.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.