Categories: NewsSecurity

Cyber Criminals Start to use DNS TXT Records to Control Remote Access Trojans

Trojans are one of the most annoying types of malware to deal with these days. Not only can Trojans infect computer systems and cause programs to stop working, but once a Trojan is installed, hackers can also distribute backdoor access tools. In most cases, criminals use Trojans to infiltrate computer systems and networks. A new malware sample goes to show hackers now use DNS TXT records for Trojan communication.

Controlling Trojans In A Different Manner

One of the things people tend to forget is how criminals have to keep control over their Trojans at any given time. Rather than relying on a command and control server which can be shut down by the government at any given time, using DNS TXT records makes a lot more sense. Cisco Talos security researchers discovered this new method of controlling malware through DNS servers, which is quite a troublesome development, to say the least.

Especially remote access trojans are controlled through these DNS TXT records, by the look of things. By using the Domain name System, criminals can effectively establish two-way communication between themselves and the victim’s computer without going through centralized entities or service providers. Moreover, it also makes the communication virtually invisible, which does not help with tracking down the actors responsible for such an attack.

This new method of controlling Trojans has security researchers concerned, and for a good reason. They came across this new control method by accident while studying a new malware sample. As one would expect, the malware is distributed through phishing campaigns, which help criminals increase the odds of successfully infecting as many computers as possible. In these spam emails is a malicious Microsoft Word document that contains the malware payload.

Related Post

DNS TXT records are mostly used by DNS to transfer text-based information. In fact, the technology has been around for quite some time yet it has never been used for nefarious purposes as far as security researchers can tell. Email authentication functions rely on this technology on a daily basis, making it a very common part of all internet traffic passing through the Domain Name System. Using this mechanism to set up two-way command and control servers is troublesome, as it allows the malware to bypass most enterprise security controls.

This also poses a new problem for companies actively monitoring internet traffic for malicious communication. Looking over web traffic email and other communication protocols is a big step in the right direction. However, no company actively looks at DNS requests, as it is the least likely source of online attacks. That has come to change as of late, which is evident by looking at this new malware sample. It is hard to come up with a solution that will actively monitor DNS traffic for potential threats, though.

It is evident both large and small companies have to start thinking like cyber criminals would. With the number of threats and attack vectors growing all the time, companies have to remain on their toes and look for parts of their communication protocols that are not protected yet. Using DNS TXT records is a big problem, but it may only be a matter of time until criminals have devised yet another scheme to remove centralized servers from the equation.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

100% Bonus Offer from BlockDAG, INJ Dominates DeFi & ADA Price Stumbles

Whales Make a Splash After BlockDAG's 100% Bonus Offer Goes Live - INJ Ecosystem Boosts…

7 hours ago

Plus Wallet: Top Crypto Wallet for Massive Rewards

Plus Wallet—Where Effortless Crypto Management and Rewards Align Perfectly In the world of cryptocurrency management,…

8 hours ago

Aptos (APT) and Tron (TRX) Prices Slide, As Volume Soars For Rollblock Suggesting Parabolic Rally

As Aptos and Tron prices take a recent downturn, the spotlight shifts to Rollblock, whose…

15 hours ago

Altcoins to Watch in November: Binance Coin (BNB), Rollblock (RBLK), and Neiro (NEIRO)

As the crypto markets roll into their most bullish time of year, we present three…

16 hours ago

Analysts Forecast $1 for Cardano and Lunex Network As Dogwifhat Plunges To Former Lows

As the crypto market prepares for a major rally, experts believe that two top altcoins,…

16 hours ago

Retail Traders Panic Sell During ‘Fake Dip’; Whales Hold Tight to SOL, DTX, and SHIB for a Millionaire-Maker Bull Run

Solana (SOL): A Strong Ecosystem Despite Volatility Solana (SOL) has been all over the place…

16 hours ago