Report - Paper 'On Botnets that use DNS for Command and Control' accepted at EC2ND 2011
As part of our malware research, Christian J. Dietrich and I discovered a new type of botnet in our Sandnet environment. The neat thing about this botnet is that it uses DNS as the carrier protocol for its command and control (C&C) messages. We performed a detailed analysis of the botnet and explored a network-based mechanism to detect the bot's DNS messages. The full paper is available here.
Unfortunately I won't be able to join the conference, but Christian J. Dietrich will be presenting the results at EC2ND 2011. The conference will take place in Gothenburg, Sweden, September 6-7 at Chalmers University. We are looking forward to your feedback!