illurity-logo
Log in

Site menu:

Categories

Tags

Site search

November 2018
M T W T F S S
« Dec    
 1234
567891011
12131415161718
19202122232425
2627282930  

Links:

Archives

DNSbot Servers

Not long ago, it was fairly simple to decommission even largely distributed botnets serving up web content (e.g. online-pharmacies, cheap software) by reporting the abuse to the DNS provider. In an effort to build more robust botnets, the botmasters have responded by adding DNS servers to their armies.

Browse to your EmailSecurity junkbox and have a look at some of the spam it’s caught. Grab a URL – the very first one in my junkbox was from Canadian pharmacy http://viagros.net.

Now visit this site which provides DNS replication as a service to CERT, and enter the domain from the spam URL (query for viagros.net pre-populated for convenience). You’ll see that viagros.net has dozens of A records for good fault tolerance. At the bottom of the list, you will see the NS records (ns1.fdr-td.com) for this domain. Clicking on its link will show all the other domains that this DNSbot services.

Zombie HTTP, SMTP, and now DNS. And with that we pretty well have a complete evil replica of the Internet’s primary app layer. What’s next? How about armies of “anonymizing” proxy servers that insert their own special content? Give it a few months.

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Twitter
  • LinkedIn
  • Facebook
  • email
  • Google Bookmarks
  • del.icio.us
  • StumbleUpon
  • Reddit

You must be logged in to post a comment.