The PushDo botnet recently resurfaced yet again, this time with domain generation algorithm (DGA) capabilities....
Could you explain what DGA is and the threat it poses?
Ask the Expert
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
The domain generation algorithm (DGA) is a method malware writers use to dynamically create domain names in malware. Once the domain name is registered, the malware can connect to the command-and-control (C&C) infrastructure. This dynamic generation of a domain name makes it is far more difficult for enterprises to block external websites or domain names and, in turn, prevent malware from accessing its C&C infrastructure.
If an external website or domain name is in fact deemed malicious and either blocked on the enterprise network or removed, the malware is able to generate a new name to connect to another C&C server.
Dynamically generating a domain name also allows malware authors more flexibility, as the domain name does not need to be embedded in the malware. If it is embedded, security researchers would be able to dissect the malware, extract the domain name and then stop it from being used for malicious activity. This also allows researchers to investigate the C&C infrastructure in depth before it gets taken down.
Fortunately, researchers have identified methods that could be used to detect DGA capabilities to help stop malware that leverages DGA. While that's an interesting development, it remains to be seen whether they will prove to be beneficial techniques over the long term for giving new life to botnets like PushDo.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their ...continue reading
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching ...continue reading
BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.