Categories: NewsSecurity

Cyber Criminals Start to use DNS TXT Records to Control Remote Access Trojans

Trojans are one of the most annoying types of malware to deal with these days. Not only can Trojans infect computer systems and cause programs to stop working, but once a Trojan is installed, hackers can also distribute backdoor access tools. In most cases, criminals use Trojans to infiltrate computer systems and networks. A new malware sample goes to show hackers now use DNS TXT records for Trojan communication.

Controlling Trojans In A Different Manner

One of the things people tend to forget is how criminals have to keep control over their Trojans at any given time. Rather than relying on a command and control server which can be shut down by the government at any given time, using DNS TXT records makes a lot more sense. Cisco Talos security researchers discovered this new method of controlling malware through DNS servers, which is quite a troublesome development, to say the least.

Especially remote access trojans are controlled through these DNS TXT records, by the look of things. By using the Domain name System, criminals can effectively establish two-way communication between themselves and the victim’s computer without going through centralized entities or service providers. Moreover, it also makes the communication virtually invisible, which does not help with tracking down the actors responsible for such an attack.

This new method of controlling Trojans has security researchers concerned, and for a good reason. They came across this new control method by accident while studying a new malware sample. As one would expect, the malware is distributed through phishing campaigns, which help criminals increase the odds of successfully infecting as many computers as possible. In these spam emails is a malicious Microsoft Word document that contains the malware payload.

Related Post

DNS TXT records are mostly used by DNS to transfer text-based information. In fact, the technology has been around for quite some time yet it has never been used for nefarious purposes as far as security researchers can tell. Email authentication functions rely on this technology on a daily basis, making it a very common part of all internet traffic passing through the Domain Name System. Using this mechanism to set up two-way command and control servers is troublesome, as it allows the malware to bypass most enterprise security controls.

This also poses a new problem for companies actively monitoring internet traffic for malicious communication. Looking over web traffic email and other communication protocols is a big step in the right direction. However, no company actively looks at DNS requests, as it is the least likely source of online attacks. That has come to change as of late, which is evident by looking at this new malware sample. It is hard to come up with a solution that will actively monitor DNS traffic for potential threats, though.

It is evident both large and small companies have to start thinking like cyber criminals would. With the number of threats and attack vectors growing all the time, companies have to remain on their toes and look for parts of their communication protocols that are not protected yet. Using DNS TXT records is a big problem, but it may only be a matter of time until criminals have devised yet another scheme to remove centralized servers from the equation.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Web3Bay, Solana & Tron: Leading the Utility Coin Revolution

The Next Big Crypto Projects: Why You Should Add Web3Bay, Solana, & Tron to Your…

37 mins ago

Last Chance Alert: Join the Best Crypto Presale Now for Top 7 Trending Cryptos

Imagine securing a stake in the next big cryptocurrency before it skyrockets. A chance investors…

1 hour ago

Remittix (RTX) Set To Surpass Ripple (XRP) In 2025 With The Dawn Of PayFi—5000% Rally Expected

Ripple (XRP) has certainly been around the crypto market long enough for anyone to have…

1 hour ago

What Are the Top Decentralized Crypto Wallets for This Year?

Master Your Crypto Portfolio: Leading Decentralized Wallets for Maximum Control & Earnings in 2025 With…

2 hours ago

Lethal Bearish Attack Heavily Dumps WIF & SHIB Prices; DTX Exchange Accumulation Soars

The crypto market is typical of sudden changes in fortune and price drops. That has…

2 hours ago

Best Altcoins to Invest in Today: Qubetics Sets the Stage for Blockchain’s Future as Bitcoin Hits $108K and Litecoin Soars

The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…

14 hours ago