A domain generation algorithm (DGA) is a computer program that creates slightly different variations of a given domain name.

For example, if a website owner wants to use a particular domain name and a search on a domain-name registrar’s site reveals that the desired domain name is not available, a DGA running in the site’s background might return suggestions for fifty similar site names that actually are available.

Botnet operators have discovered that DGAs can be used to hide the operator’s command and control (C&C) server and evade detection by blacklists, signature filters, reputation systems, intrusion prevention systems, security gateways and other security methods. The scheme, which is called domain fluxing, is similar to hiding a needle (the C&C server) in a haystack (a long list of IP addresses).

