The PushDo botnet recently resurfaced yet again, this time with domain generation algorithm (DGA) capabilities....
Could you explain what DGA is and the threat it poses?
Ask the Expert
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
The domain generation algorithm (DGA) is a method malware writers use to dynamically create domain names in malware. Once the domain name is registered, the malware can connect to the command-and-control (C&C) infrastructure. This dynamic generation of a domain name makes it is far more difficult for enterprises to block external websites or domain names and, in turn, prevent malware from accessing its C&C infrastructure.
If an external website or domain name is in fact deemed malicious and either blocked on the enterprise network or removed, the malware is able to generate a new name to connect to another C&C server.
Dynamically generating a domain name also allows malware authors more flexibility, as the domain name does not need to be embedded in the malware. If it is embedded, security researchers would be able to dissect the malware, extract the domain name and then stop it from being used for malicious activity. This also allows researchers to investigate the C&C infrastructure in depth before it gets taken down.
Fortunately, researchers have identified methods that could be used to detect DGA capabilities to help stop malware that leverages DGA. While that's an interesting development, it remains to be seen whether they will prove to be beneficial techniques over the long term for giving new life to botnets like PushDo.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how ...continue reading
The Pork Explosion vulnerability present in some Foxconn-created app bootloaders can be used to create an Android backdoor. Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.