DarkReading reports on a new technique to root out fast-flux botnets:
Researchers have devised a new method to root out botnets that try to hide behind alternating domain names.
Supranamaya "Soups" Ranjan, a research scientist, says he and a team of colleagues came up with a prototype method of detecting botnets like Conficker, Kraken, and Torpig that use so-called DNS domain-fluxing for their command and control (C&C) infrastructure.
The researchers presented their findings this week at the ACM Measurement Conference in Melbourne. Their method basically looks at the pattern and distribution of alphabetic characters in a domain name to determine whether it's malicious or legitimate: This allows them to spot botnets' algorithmically generated domain names. Ranjan says his team's new detection method also works for detecting IP fast flux.
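An added sketch of the idea described above (not the researchers' code, and not from the DarkReading article): score a group of domain names by how their letter distribution compares with a benign baseline. The symmetric KL divergence, the Laplace smoothing, the uniform reference distribution, and all function names and sample names are assumptions made here for illustration.

```python
import math
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
UNIFORM = {c: 1 / len(ALPHABET) for c in ALPHABET}  # assumed model of a random generator

def label(domain):
    """Second-level label; assumes a one-label suffix such as .example or .com."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def char_distribution(domains):
    """Laplace-smoothed a-z frequencies over the labels of a group of domains."""
    counts = Counter(c for d in domains for c in label(d) if c in ALPHABET)
    total = sum(counts.values()) + len(ALPHABET)
    return {c: (counts[c] + 1) / total for c in ALPHABET}

def kl(p, q):
    """Kullback-Leibler divergence KL(p || q) over a-z."""
    return sum(p[c] * math.log(p[c] / q[c]) for c in ALPHABET)

def sym_kl(p, q):
    """Symmetric KL divergence, so the score does not depend on argument order."""
    return 0.5 * (kl(p, q) + kl(q, p))

def looks_generated(group, benign_baseline):
    """True when the group's letters sit closer to uniform than to the baseline."""
    p = char_distribution(group)
    return sym_kl(p, UNIFORM) < sym_kl(p, char_distribution(benign_baseline))

def names(words):
    return [w + ".example" for w in words.split()]

# Constructed sample data (not real traffic). A group stands for the names
# seen together, for instance those one client queried in a time window.
BASELINE = names("weathernews citylibrary greengarden onlinestore traveldeals "
                 "musicschool sportscenter healthcare homerecipes carrental "
                 "bookreaders photostudio learnenglish dailyreport "
                 "mountainbike coffeehouse")
WORDLIKE = names("schoolnotes gardencenter newsreader hotelstore "
                 "localweather recipeshare")
RANDOMLIKE = names("xkqzvwjpbf qjzxwvkyhg zvbxqkjwmd wqxzjkvfpu "
                   "jkxqzvwgyb vzqxjwkdmc")

if __name__ == "__main__":
    for name, group in (("wordlike", WORDLIKE), ("randomlike", RANDOMLIKE)):
        print(name, "generated" if looks_generated(group, BASELINE) else "benign")
```

Scoring a group rather than a single name matters here: a single short label carries too few characters for its letter distribution to be meaningful.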