The PushDo botnet recently resurfaced yet again, this time with domain generation algorithm (DGA) capabilities....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Could you explain what DGA is and the threat it poses?
Ask the Expert
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
The domain generation algorithm (DGA) is a method malware writers use to dynamically create domain names in malware. Once the domain name is registered, the malware can connect to the command-and-control (C&C) infrastructure. This dynamic generation of a domain name makes it is far more difficult for enterprises to block external websites or domain names and, in turn, prevent malware from accessing its C&C infrastructure.
If an external website or domain name is in fact deemed malicious and either blocked on the enterprise network or removed, the malware is able to generate a new name to connect to another C&C server.
Dynamically generating a domain name also allows malware authors more flexibility, as the domain name does not need to be embedded in the malware. If it is embedded, security researchers would be able to dissect the malware, extract the domain name and then stop it from being used for malicious activity. This also allows researchers to investigate the C&C infrastructure in depth before it gets taken down.
Fortunately, researchers have identified methods that could be used to detect DGA capabilities to help stop malware that leverages DGA. While that's an interesting development, it remains to be seen whether they will prove to be beneficial techniques over the long term for giving new life to botnets like PushDo.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
A new type of iOS malware can hijack jailbroken iOS devices. Expert Nick Lewis explains how KeyRaider works and how to defend against the threat.continue reading
A rise in ransomware attacks has been attributed to a new service model for cybercriminals. Nick Lewis explains what's behind this new threat.continue reading
A malware tool that helped to compile the Zeus Trojan has been leaked on the Web. Expert Nick Lewis explains what this means for enterprise security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.