On Botnets that use DNS for Command and Control

by Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert
Sept. 10, 2017 1 comment www.distributed-systems.net

We discovered and reverse engineered Feederbot, a botnet that uses DNS as the carrier for its command and control. Using k-Means clustering and a Euclidean-distance-based classifier, we correctly classified more than 14 million DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS C&C. In addition, we correctly detected DNS C&C in mixed office workstation network traffic.


negrii_irina88 8 months ago

Such a pleasure to reach this information... not an easy-to-read article, but the authors did their job properly with all these incorporated details.