Morto worm sets a (DNS) record
Revision as of 21:37, 30 July 2015 by Eric.freyssinet
Morto worm sets a (DNS) record | |
---|---|
Botnet | Morto |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | DNS |
Date | 2011 / 2011-08-31 |
Editor/Conference | Symantec |
Link | http://www.symantec.com/connect/blogs/morto-worm-sets-dns-record (Archive copy) |
Author | Cathal Mullaney |
Type | Blogpost |
Abstract
“There has been a lot of coverage of the recent RDP capable W32.Morto worm, but one of the more interesting aspects of the worm’s behavior appears to have been overlooked. Most malware that we have seen recently has some means of communication with a remote Command and Control (C&C) server. The actual vector of communication tends to vary between threats. For example, W32.IRCBot uses Internet Relay Chat channels whereas the recent high profile threat, Trojan.Downbot, is capable of reading commands embedded in HTML pages and image files. W32.Morto has added another C&C communication vector by supplying remote commands through Domain Name System (DNS) records.”
Bibtex
@misc{2011BFR1926, editor = {Symantec}, author = {Cathal Mullaney}, title = {Morto worm sets a (DNS) record}, date = {31}, month = Aug, year = {2011}, howpublished = {\url{http://www.symantec.com/connect/blogs/morto-worm-sets-dns-record}}, }