On Botnets That Use DNS for Command and Control
Botnets, i.e., sets of computers infected with a specific malicious software that allows them to be remotely controlled, have become one of the biggest security issues on the Internet, imposing a variety of threats on Internet users. The authors discovered and reverse engineered Feederbot, a botnet that uses DNS as the carrier for its command and control (C&C). Using k-Means clustering and a Euclidean-distance-based classifier, they correctly classified more than 14m DNS transactions of 42,143 malware samples with respect to DNS-C&C usage, revealing another bot family with DNS C&C. In addition, they correctly detected DNS C&C in mixed office workstation network traffic.
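The following is an added worked illustration of the detection approach the abstract describes: per-transaction features are clustered with k-Means, and new DNS transactions are then classified by Euclidean distance to the nearest cluster centroid. It is example code written for this page, not the paper's implementation. The feature set (entropy and length of the leftmost query label, answer length), the min-max scaling, the TXT-record style of the constructed C&C samples and the `cdn-update.example` names are all this example's assumptions; the paper's actual features and data are not on the page.

```python
"""Toy k-Means + Euclidean-distance classifier for DNS-carried C&C.

Features, scaling, sample transactions and the TXT-based C&C style are this
example's own assumptions, not the paper's feature set or dataset.
"""
import math
from collections import Counter


# --- feature extraction -----------------------------------------------------
def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or one-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def features(tx):
    """Map one transaction (qname, rtype, answer) to an assumed 3-d feature vector:
    entropy of the leftmost label, its length, and the answer payload length."""
    qname, _rtype, answer = tx
    label = qname.split(".")[0]
    return [shannon_entropy(label), float(len(label)), float(len(answer))]


def scale(vectors):
    """Min-max scale every feature column to [0, 1] so that no single column
    (e.g. payload length) dominates the Euclidean distance."""
    dims = len(vectors[0])
    mins = [min(v[d] for v in vectors) for d in range(dims)]
    maxs = [max(v[d] for v in vectors) for d in range(dims)]
    spans = [(mx - mn) or 1.0 for mn, mx in zip(mins, maxs)]
    scaled = [[(v[d] - mins[d]) / spans[d] for d in range(dims)] for v in vectors]
    return scaled, (mins, spans)


def apply_scale(vector, params):
    mins, spans = params
    return [(x - mn) / sp for x, mn, sp in zip(vector, mins, spans)]


# --- clustering and classification -----------------------------------------
def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def nearest(point, centroids):
    """Index of the centroid closest to point (Euclidean distance)."""
    return min(range(len(centroids)), key=lambda i: euclid(point, centroids[i]))


def kmeans(points, k, iters=100):
    """Lloyd's algorithm with deterministic farthest-point initialisation.
    Returns (centroids, cluster index per point)."""
    centroids = [points[0]]
    while len(centroids) < k:  # next seed: the point farthest from all seeds so far
        centroids.append(max(points, key=lambda p: min(euclid(p, c) for c in centroids)))
    assignment = [None] * len(points)
    for _ in range(iters):
        new_assignment = [nearest(p, centroids) for p in points]
        if new_assignment == assignment:
            break
        assignment = new_assignment
        for i in range(k):
            members = [p for p, a in zip(points, assignment) if a == i]
            if members:
                centroids[i] = [sum(col) / len(members) for col in zip(*members)]
    return centroids, assignment


class DnsCcClassifier:
    """Cluster unlabeled transactions, mark the cluster(s) that absorb known
    DNS-C&C samples, then classify new transactions by nearest centroid."""

    def __init__(self, training, known_cnc, k=2):
        scaled, self.params = scale([features(t) for t in training])
        self.centroids, self.assignment = kmeans(scaled, k)
        self.cnc_clusters = {
            nearest(apply_scale(features(t), self.params), self.centroids) for t in known_cnc
        }

    def classify(self, tx):
        idx = nearest(apply_scale(features(tx), self.params), self.centroids)
        return "dns-cc" if idx in self.cnc_clusters else "benign"


# --- constructed sample transactions (qname, rtype, answer); not real captures --
BENIGN = [
    ("www.example.com", "A", "93.184.216.34"),
    ("mail.example.org", "MX", "mx1.example.org"),
    ("cdn.example.net", "A", "198.51.100.7"),
    ("ntp.example.com", "A", "203.0.113.5"),
    ("api.example.net", "A", "198.51.100.20"),
    ("www.example.org", "AAAA", "2001:db8::1"),
]
# Assumed C&C shape: a long high-entropy label carries the bot's request and a
# TXT answer carries an encoded command, so DNS itself is the C&C carrier.
DNS_CC = [
    ("k8x2q9vz4mle7trb.cdn-update.example", "TXT", "Q01EOnNsZWVwOjMwMDtTSUc6OWQ0ZjE="),
    ("p3n7wz0ydr5sgq1c.cdn-update.example", "TXT", "Q01EOnVwZGF0ZTpodHRwOi8vZXhhbXBsZS9hLmJpbg=="),
    ("z5tb1hq8wm6xrk2j.cdn-update.example", "TXT", "Q01EOmRkb3M6MTk4LjUxLjEwMC4xMjozODA="),
    ("m4vg9sc2ey7qtn0u.cdn-update.example", "TXT", "Q01EOnNsZWVwOjE4MDtTSUc6YzJiMGU="),
]

if __name__ == "__main__":
    clf = DnsCcClassifier(BENIGN + DNS_CC, known_cnc=DNS_CC[:1])
    for tx in [("www.example.net", "A", "198.51.100.9"),
               ("q7wd2xk5nb8zrt3h.cdn-update.example", "TXT", "Q01EOnNsZWVwOjYwMA==")]:
        print(tx[0], "->", clf.classify(tx))
```

Only one known Feederbot-style sample is needed to label the cluster that the unlabeled transactions of a second family fall into, which is the mechanism by which clustering can surface a bot family that was not in the training labels. At the abstract's scale (14m transactions) the same pipeline would use a library k-Means and a richer feature set, but the shape of the check, scale the features, cluster, classify by distance to centroid, is the same.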