Knowing the algorithm allows malware authors to predict which domain names infected computers will attempt to access on a certain date, so they can register one of them in advance. Clients in a botnet attempt to connect to them and receive commands when the primary servers can't be reached.
The algorithms generate a list of unique pseudo-random domain names every day. Malware authors are increasingly adopting flexible domain generation algorithms (DGAs) in order to evade detection and prevent their botnets from being shut down by security researchers or law enforcement agencies.ĭGAs are generally used as a fallback mechanism for sending instructions to infected computers when the hard-coded command and control (C&C) servers become unavailable.
0 kommentar(er)
