06 November, 2010

Fast Flux in the news

DarkReading reports on a new technique to root out fast-flux botnets:

Researchers have devised a new method to root out botnets that try to hide behind alternating domain names.

Supranamaya "Soups" Ranjan, a research scientist, says he and a team of colleagues came up with a prototype method of detecting botnets like Conficker, Kraken, and Torpig that use so-called DNS domain-fluxing for their command and control (C&C) infrastructure.

The researchers presented their findings this week at the ACM Measurement Conference in Melbourne. Their method basically looks at the pattern and distribution of alphabetic characters in a domain name to determine whether it's malicious or legitimate: This allows them to spot botnets' algorithmically generated domain names. Ranjan says his team's new detection method also works for detecting IP fast flux.
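To make the "distribution of alphabetic characters" idea concrete, here is a small added example (written for this post; it is not the researchers' published method or code). It takes one simple reading of that idea: pool the letters of the second-level labels of a group of domain names and measure, with Kullback-Leibler divergence, how far their letter distribution sits from ordinary English letter frequencies. Pooling matters because a single short label such as "google" already looks skewed on its own; a group of names that share a resolved IP or TLD gives a far steadier statistic. The English frequency table is a widely published approximation, the threshold is an untuned assumption, and all domain names are constructed for the example.

```python
"""Toy domain-flux detector based on letter-frequency statistics.

Added example for this post, not the researchers' method. Assumptions:
single-letter (unigram) statistics only, KL divergence as the distance,
a hand-picked threshold, and constructed sample domains.
"""
import math
from collections import Counter

# Approximate relative frequency (percent) of letters in English text,
# normalised to a probability distribution below.
_ENGLISH_PERCENT = {
    'a': 8.167, 'b': 1.492, 'c': 2.782, 'd': 4.253, 'e': 12.702, 'f': 2.228,
    'g': 2.015, 'h': 6.094, 'i': 6.966, 'j': 0.153, 'k': 0.772, 'l': 4.025,
    'm': 2.406, 'n': 6.749, 'o': 7.507, 'p': 1.929, 'q': 0.095, 'r': 5.987,
    's': 6.327, 't': 9.056, 'u': 2.758, 'v': 0.978, 'w': 2.360, 'x': 0.150,
    'y': 1.974, 'z': 0.074,
}
_TOTAL = sum(_ENGLISH_PERCENT.values())
ENGLISH_LETTER_FREQ = {c: v / _TOTAL for c, v in _ENGLISH_PERCENT.items()}

# Illustrative cut-off in nats; an assumption, not tuned on real traffic.
DGA_KL_THRESHOLD = 1.0

# Constructed sample data: well-known names vs. gibberish labels of the
# kind a domain-generation algorithm would emit.
LEGIT_DOMAINS = ["www.google.com", "en.wikipedia.org", "darkreading.com",
                 "facebook.com", "microsoft.com", "amazon.com",
                 "twitter.com", "youtube.com"]
DGA_DOMAINS = ["xkjdhaqzwvx.com", "qwzxjkvbpq.net", "zqxvjwkfbgyp.info",
               "vhqzkxjwbpt.org", "jxqzwvkhbgn.biz", "pqxzvjwkybf.com"]


def second_level_label(domain):
    """Label left of the TLD, lowercased: 'www.Google.com' -> 'google'.
    Simplification: the last label is taken as the TLD, so a name under a
    two-part public suffix such as 'example.co.uk' would yield 'co'."""
    labels = [l for l in domain.lower().rstrip('.').split('.') if l]
    return labels[-2] if len(labels) >= 2 else labels[0]


def letter_distribution(text):
    """Probability distribution over a-z of the letters in text.
    Digits and hyphens are ignored (they carry no letter statistics)."""
    counts = Counter(ch for ch in text.lower() if 'a' <= ch <= 'z')
    n = sum(counts.values())
    return {c: k / n for c, k in counts.items()} if n else {}


def kl_divergence(p, q):
    """D_KL(p || q) in nats. Letters absent from p contribute nothing;
    q must assign non-zero mass to every letter present in p."""
    return sum(pc * math.log(pc / q[c]) for c, pc in p.items() if pc > 0)


def shannon_entropy(text):
    """Entropy in bits of the letter distribution of text."""
    return -sum(p * math.log2(p) for p in letter_distribution(text).values())


def score_domain(domain):
    """Per-name statistics. Noisy for short labels; shown for contrast."""
    label = second_level_label(domain)
    return {"label": label,
            "kl": kl_divergence(letter_distribution(label), ENGLISH_LETTER_FREQ),
            "entropy": shannon_entropy(label)}


def group_kl(domains):
    """KL divergence of the pooled letters of a group of domains from
    English. Pooling smooths the per-name noise; in practice the group
    would be names resolving to one IP or sharing one TLD."""
    pooled = "".join(second_level_label(d) for d in domains)
    return kl_divergence(letter_distribution(pooled), ENGLISH_LETTER_FREQ)


def is_dga_group(domains, threshold=DGA_KL_THRESHOLD):
    """True if the group's letter distribution is far enough from English."""
    return group_kl(domains) > threshold


if __name__ == "__main__":
    for name, group in (("legit", LEGIT_DOMAINS), ("dga", DGA_DOMAINS)):
        print(f"{name:5s} group KL={group_kl(group):.3f} "
              f"flagged={is_dga_group(group)}")
        for d in group:
            s = score_domain(d)
            print(f"  {s['label']:14s} kl={s['kl']:.2f} H={s['entropy']:.2f} bits")
```

Run it and compare the per-name `kl` column with the group value: the individual legitimate labels scatter widely (some above the threshold), while the pooled legitimate group sits well below it and the pooled DGA group well above. That gap, not any single name's score, is what a detector of this kind keys on; a real deployment would also need a proper public-suffix list for the label split and a threshold tuned on labelled traffic.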
