Domain Name System
=== DNSMessenger ===
DNSMessenger<ref>{{Cite web |title=DNSMessenger (Malware Family) |url=https://malpedia.caad.fkie.fraunhofer.de/details/win.dnsmessenger |access-date=2024-12-11 |website=malpedia.caad.fkie.fraunhofer.de}}</ref><ref>{{Cite web |last=Khandelwal|first=Swati |title=New Fileless Malware Uses DNS Queries To Receive PowerShell Commands |url=https://thehackernews.com/2017/03/powershell-dns-malware.html|date=2017-03-06 |access-date=2024-12-11 |website=The Hacker News |language=en}}</ref><ref>{{Cite web |last=Brumaghin|first=Edmund|date=2017-03-02 |title=Covert Channels and Poor Decisions: The Tale of DNSMessenger |url=https://blog.talosintelligence.com/dnsmessenger/ |access-date=2024-12-11 |website=Cisco Talos Blog |language=en}}</ref><ref>{{Cite AV media |url=https://www.youtube.com/watch?v=slNe6z9gFv0 |title=It's DNS again 😒 Did you know this Malware Hack? |date=2023-05-26 |last=Bombal|first=David|access-date=2024-12-11 |via=YouTube}}</ref> is a type of cyber attack technique that uses the DNS to communicate with and control malware remotely without relying on conventional protocols that might raise red flags. The technique is covert because DNS is primarily used for domain name resolution and is often not closely monitored by network security tools, making it an effective channel for attackers to exploit. It uses DNS TXT records to send commands to infected systems: once malware has been surreptitiously installed on a victim's machine, it reaches out to an attacker-controlled domain to retrieve commands encoded in DNS text records. This form of malware communication is stealthy because DNS requests are usually allowed through firewalls and DNS traffic is often seen as benign, so these communications can bypass many network security defenses.
DNSMessenger attacks can enable a wide array of malicious activities, from data exfiltration to the delivery of additional payloads, all while remaining under the radar of traditional network security measures. Understanding and defending against such methods are crucial for maintaining robust cybersecurity.
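
One way to monitor for the TXT-record channel described above, shown as an added example that is not part of the original article or its sources: it flags a client that repeatedly fetches high-entropy TXT answers from a single parent domain. The log format, the thresholds, the function names and the last-two-labels domain split are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not real traffic): client, qtype, qname, TXT answer.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com -
10.0.0.5 TXT example.com v=spf1 -all
10.0.0.5 TXT example.net v=spf1 include:_spf.example.net ~all
10.0.0.7 TXT mail.example.org v=spf1 -all
10.0.0.7 TXT mail.example.org v=spf1 -all
10.0.0.7 TXT mail.example.org v=spf1 -all
10.0.0.9 TXT a.stage.lab-domain.test aB3dE5gH7jK9mN1pQ2sT4vW6yZ8cF0xR
10.0.0.9 TXT b.stage.lab-domain.test Rx0Fc8Zy6Wv4Ts2Qp1Nm9Kj7Hg5Ed3Ba
10.0.0.9 TXT c.stage.lab-domain.test Q2sT4vW6yZ8cF0xRaB3dE5gH7jK9mN1p
"""

MIN_TXT_QUERIES = 3   # assumed threshold; tune against a baseline of normal traffic
MIN_ENTROPY = 4.5     # assumed threshold, in bits per character


def shannon_entropy(text):
    """Bits per character; encoded blobs score higher than SPF-style text."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def parent_domain(qname):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def find_txt_channels(log_text):
    """Return [(client, domain, txt_count, mean_entropy)] for suspicious pairs."""
    answers = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4 or parts[1].upper() != "TXT":
            continue  # skip malformed lines and non-TXT queries
        client, _, qname, answer = parts
        answers[(client, parent_domain(qname))].append(answer)
    findings = []
    for (client, domain), txts in sorted(answers.items()):
        mean_h = sum(shannon_entropy(t) for t in txts) / len(txts)
        if len(txts) >= MIN_TXT_QUERIES and mean_h >= MIN_ENTROPY:
            findings.append((client, domain, len(txts), round(mean_h, 2)))
    return findings
```

On the constructed log, only the 10.0.0.9 / lab-domain.test pair is reported; the client that polls the same SPF record three times is not, because its answers are low-entropy text.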