Morto worm sets a (DNS) record

From Botnets.fr

Botnet: Morto
CCProtocol: DNS
Date: 2011 / 2011-08-31
Editor/Conference: Symantec
Link: http://www.symantec.com/connect/blogs/morto-worm-sets-dns-record (Archive copy)
Author: Cathal Mullaney
Type: Blogpost

Abstract

There has been a lot of coverage of the recent RDP-capable W32.Morto worm, but one of the more interesting aspects of the worm’s behavior appears to have been overlooked. Most malware that we have seen recently has some means of communication with a remote Command and Control (C&C) server. The actual vector of communication tends to vary between threats. For example, W32.IRCBot uses Internet Relay Chat channels whereas the recent high-profile threat, Trojan.Downbot, is capable of reading commands embedded in HTML pages and image files. W32.Morto has added another C&C communication vector by supplying remote commands through Domain Name System (DNS) records.

Bibtex

 @misc{2011BFR1926,
   editor = {Symantec},
   author = {Cathal Mullaney},
   title = {Morto worm sets a (DNS) record},
   date = {31},
   month = Aug,
   year = {2011},
   howpublished = {\url{http://www.symantec.com/connect/blogs/morto-worm-sets-dns-record}},
 }