News

Security company discovers trojan that communicates via DNS

By admin
Spread the love

Cisco’s Talos research department has analyzed malware that communicates via DNS. The so-called Dnmessenger trojan can thus request PowerShell scripts from the txt record to avoid detection.

In the analysis, the researchers write that the Trojan communicates with the attackers’ c2 server in this way. The malware is notable because this variant takes extensive steps to remain hidden. The trojan is distributed using an infected Word document, which appears to be protected by McAfee software. For example, the file could be sent to a specific target by a phishing email.

The malware works with PowerShell to create a backdoor in the victim’s system. To achieve that, the malicious software first checks for administrative access and which version of PowerShell is running on the system. In the next phase, the Dnmessenger Trojan uses a random pre-programmed domain name for dns requests. By retrieving the txt record it is possible for the attackers to provide the trojan with various commands.

The PowerShell commands contained in the txt records allow the attacker to control Windows functions on the infected system. It is also possible to send back the generated output of applications via a dns request. According to the researchers, such an attack is difficult to detect, because organizations often do not use filters for DNS. This makes this technique suitable for targeted attacks.

The malicious Word file

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support