MalwareHunterTeam has discovered a new backdoor, called Mozart, that uses the DNS protocol to communicate with remote attackers and evade detection by security software. Normally, when malware communicates to receive commands, it does so over HTTP/S for ease of communication. Most security software monitors HTTP/S traffic and will block traffic that it determines to be malicious. Mozart instead uses DNS, the protocol that converts a hostname, such as www.example.com, to its IP address, 188.8.131.52, so that it can connect to the remote attacker.
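Detection logic for the behaviour described above, run over DNS query logs. This is an added example, not code from the original article or from MalwareHunterTeam; the log format, addresses, domain names, thresholds and both heuristics (queries to an unapproved resolver, heavy use of rare record types) are assumptions, since the article does not say which record types or servers Mozart uses.

```python
from collections import defaultdict

# Assumptions: approved site resolver; record types workstations rarely bulk-query.
APPROVED_RESOLVERS = {"10.0.0.53"}
RARE_TYPES = {"TXT", "NULL"}

# Constructed sample log: timestamp client resolver qtype qname
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.1.15 10.0.0.53 A www.example.com
2024-01-01T10:00:03 10.0.1.15 10.0.0.53 A mail.example.com
2024-01-01T10:00:04 10.0.1.22 10.0.0.53 A www.example.com
2024-01-01T10:00:05 10.0.1.22 192.0.2.77 TXT check.unknown-zone.test
2024-01-01T10:00:35 10.0.1.22 192.0.2.77 TXT task.unknown-zone.test
2024-01-01T10:01:05 10.0.1.22 192.0.2.77 TXT task.unknown-zone.test
2024-01-01T10:02:00 10.0.1.30 10.0.0.53 A www.example.com
2024-01-01T10:02:01 10.0.1.30 10.0.0.53 TXT example.com
2024-01-01T10:02:02 10.0.1.30 10.0.0.53 A intranet.example.com
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:  # skip malformed lines
            _ts, client, resolver, qtype, _qname = parts
            yield client, resolver, qtype.upper()

def find_suspects(log, min_queries=3, rare_ratio=0.5):
    """Return {client: [reasons]} for hosts whose DNS use looks like a data channel."""
    stats = defaultdict(lambda: {"total": 0, "rare": 0, "unapproved": set()})
    for client, resolver, qtype in parse(log):
        s = stats[client]
        s["total"] += 1
        s["rare"] += qtype in RARE_TYPES
        if resolver not in APPROVED_RESOLVERS:
            s["unapproved"].add(resolver)
    findings = {}
    for client, s in stats.items():
        reasons = []
        if s["unapproved"]:  # endpoint bypassed the monitored resolver
            reasons.append("unapproved resolver: " + ", ".join(sorted(s["unapproved"])))
        if s["total"] >= min_queries and s["rare"] / s["total"] >= rare_ratio:
            reasons.append(f"rare record types in {s['rare']}/{s['total']} queries")
        if reasons:
            findings[client] = reasons
    return findings

if __name__ == "__main__":
    for host, why in find_suspects(SAMPLE_LOG).items():
        print(host, "->", "; ".join(why))
```

The unapproved-resolver check only works if endpoint DNS traffic is logged at the network edge as well as at the internal resolver; blocking outbound port 53 from workstations to anything but the approved resolver turns the same signal into a prevention control.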
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is