Threat Watch

Mozart Malware Hides Traffic

Discovered by MalwareHunterTeam, a new backdoor malware, called Mozart, has been found using DNS protocol to communicate with remote attackers to evade detection by security software. Normally when a malware communicates for commands, it does over HTTP/S protocols for ease of communication. Most security software monitors HTTP/S traffic and will block traffic that it determines to be malicious. Mozart uses DNS protocols which convert the hostname, such as www.example.com, to its IP address, 93.184.216.34, so that it can connect to the remote attacker.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

It is important to remember that malware using DNS protocols to communicate is not unique to Mozart malware. To block Mozart, users could block the IP address that it communicates with, but that would create a cat and mouse game of chasing changing DNS servers. Instead, it is more effective to watch for methods of malicious communications and if the security software can monitor DNS queries, enable it so that it can block suspicious traffic.

To read more: https://www.bleepingcomputer.com/news/security/new-mozart-malware-gets-commands-hides-traffic-using-dns/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support