If something is "in flux," it means it is constantly changing. In this case, the bots are using a domain-generation algorithm (DGA) to produce tens of thousands of random domain names, one of which will actually be registered by the botnet operator. Each bot then sends out DNS queries to the random domains until one of them actually resolves to the address of the C&C server.
Domain fluxing can make it difficult for security researchers and administrators to block instructions from a C&C server and shut a botnet down. Domain fluxing was popularized by Conficker and is also used by Kraken and a rootkit called Torpig.
See also: fast-flux DNS
Continue Reading About domain fluxing
'domain fluxing' is part of the:
View All Definitions