The PushDo botnet recently resurfaced yet again, this time with domain generation algorithm (DGA) capabilities....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Could you explain what DGA is and the threat it poses?
Ask the Expert
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
The domain generation algorithm (DGA) is a method malware writers use to dynamically create domain names in malware. Once the domain name is registered, the malware can connect to the command-and-control (C&C) infrastructure. This dynamic generation of a domain name makes it is far more difficult for enterprises to block external websites or domain names and, in turn, prevent malware from accessing its C&C infrastructure.
If an external website or domain name is in fact deemed malicious and either blocked on the enterprise network or removed, the malware is able to generate a new name to connect to another C&C server.
Dynamically generating a domain name also allows malware authors more flexibility, as the domain name does not need to be embedded in the malware. If it is embedded, security researchers would be able to dissect the malware, extract the domain name and then stop it from being used for malicious activity. This also allows researchers to investigate the C&C infrastructure in depth before it gets taken down.
Fortunately, researchers have identified methods that could be used to detect DGA capabilities to help stop malware that leverages DGA. While that's an interesting development, it remains to be seen whether they will prove to be beneficial techniques over the long term for giving new life to botnets like PushDo.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Malware authors are adopting software wrapping to hide malicious code and avoid detection. Expert Nick Lewis explains how to defend against the ...continue reading
Malicious software using legitimate digital certificates is reportedly on the rise. Expert Nick Lewis explains how to mitigate the risks of digitally...continue reading
Malware authors are using power consumption tracking-malware to eavesdrop on and attack mobile devices. Expert Nick Lewis explains the threat and how...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.