Malware Execution Method Using DNS TXT Record – Malware Analysis – Malware Analysis, News and Ind….
– MalBot
Malware authors have been increasingly using DNS TXT records to facilitate the download and execution of malicious software. This approach is known as “DNS Tunneling”. When enabled on a malicious actor’s command and control server, DNS tunneling allows an attacker to establish a communications channel with a target machine by configuring the DNS server of that machine to periodically issue requests for specially-crafted TXT records. The response received contains instructions to be executed by the target device, which may, for example, download and run malicious code.

In addition, attackers also use DNS TXT records to propagate malicious content such as ransomware, malware, and malicious scripts. This is done by placing a malicious link in the TXT records, which, when clicked by the user, triggers the download of malicious content from the attacker’s command and control server.

To help limit the potential abuse of DNS TXT records, organizations are advised to consider limiting the number of TXT records issued by their DNS servers and to carefully monitor their use. Additionally, administrators should be especially wary of TXT records originating from suspicious domains and IP addresses.
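One way to act on the monitoring advice above is to look for the periodic TXT lookups the text describes. The following is an added example, not code from the original post: the log format, the sample lines, the thresholds and the function names `base_domain` and `find_periodic_txt` are all assumptions made for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample resolver log: "<epoch seconds> <client IP> <qtype> <qname>".
# All names and addresses are made up for this example.
SAMPLE_LOG = """\
1700000000 10.0.0.5 TXT a1.updates.example.net
1700000012 10.0.0.7 A www.example.org
1700000060 10.0.0.5 TXT a2.updates.example.net
1700000075 10.0.0.7 TXT _dmarc.example.org
1700000121 10.0.0.5 TXT a3.updates.example.net
1700000180 10.0.0.5 TXT a4.updates.example.net
1700000240 10.0.0.5 TXT a5.updates.example.net
1700003000 10.0.0.7 TXT example.org
not a log line
"""

def base_domain(qname):
    # Simplification: last two labels; a real deployment would use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_periodic_txt(log_text, min_queries=4, max_cv=0.2):
    """Return [(client, domain, count, mean_interval_s)] for clients whose TXT
    lookups to one domain recur at a near-constant interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing
        ts, client, qtype, qname = parts
        if qtype.upper() == "TXT":
            seen[(client, base_domain(qname))].append(int(ts))
    findings = []
    for (client, domain), stamps in seen.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: a low value means regular, timer-driven lookups.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            findings.append((client, domain, len(stamps), round(mean, 1)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_periodic_txt(SAMPLE_LOG):
        print(finding)
```

Legitimate TXT traffic (SPF, DMARC, domain verification) is usually sparse and irregular per client, so a finding here is a lead for review against known-good software, not proof of compromise.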
Link: https://malware.news/t/malware-execution-method-using-dns-txt-record/70981