Threat Watch

Mozart Malware Hides Traffic

Discovered by MalwareHunterTeam, a new backdoor malware, called Mozart, has been found using DNS protocol to communicate with remote attackers to evade detection by security software. Normally when a malware communicates for commands, it does over HTTP/S protocols for ease of communication. Most security software monitors HTTP/S traffic and will block traffic that it determines to be malicious. Mozart uses DNS protocols which convert the hostname, such as, to its IP address,, so that it can connect to the remote attacker.


It is important to remember that malware using DNS protocols to communicate is not unique to Mozart malware. To block Mozart, users could block the IP address that it communicates with, but that would create a cat and mouse game of chasing changing DNS servers. Instead, it is more effective to watch for methods of malicious communications and if the security software can monitor DNS queries, enable it so that it can block suspicious traffic.

To read more: