Researchers Reveals a Rise in Domain Generation Algorithm

According to new research by Damballa, the evasion method also called as obfuscation method include the increased utilization of domain generation algorithm, as reported by CYBERLEAKS on March 12, 2012.

DGA permit the malware to neglect blacklist, signature files, and reputation-based system and also permits botnet operators to conceal their command- and control-server from signatures-based security tools utilizing algorithm to spread out energetically to a number of servers, other than utilizing static servers, which are effortlessly situated, observed Gunter Ollmann, Vice President of research at Damballa.

As per the Damballa, six families that use these methods are there along with the latest Zeus variant, Bamital, Bank patch, Bonnana, Expiro.Z, and Shiz. The DGA's is mostly used by Bank patch as it is the oldest.

The concept of DGA is quite simple, but amazingly sly, Damballa said. malware infecting an end-point device is coded with an algorithm that utilizes a 'seed' value, as the present date for generating potentially a lot of apparent random domain names that attempt to determine IP address.

The research team at Damballa showed their concern that DGAs are not dead. Also, that they are already in use for criminal activities at an incredible rate. DGA's are being implemented for backup strategies. Although crimeware families is famous and its conventional C&C infrastructure is blocked or hindered, the DGA contingency plan is striving in and permitting the crime ware to get some novel instructions and upload the robbed data.
The authors behind the conficker variants tested with a number of algorithm but they have not succeeded in constructing a consistent botnet. Instead of minor flaws, conficker contaminated device still blamed for sizable fraction of known malware infection around the work- years after the threat was examined to the depth and protection solutions are available everywhere.

Though the inclusion of DGAs to the existing stealthy and updated crime ware is a major menace to the security of corporate, it should however be noted that the process is now employed by the criminal operators pertaining to the registration of updated addition/removal of C&C servers, domain names, and configuration of DNS. Professional cyber crooks are exploiting their deployments for minimum exposure and maximum profit.

Related article: Researchers Urge Caution against phishing Scams

» SPAMfighter News - 3/17/2012