Damballa Labs discovered a brand new DGA (domain generation algorithm) in December of 2013 that was dubbed Bv14. Damballa Threat Research began to analyze this new DGA and determined that the malware behind it was performing click fraud. We started to dissect the network traffic and determined that it was hosted on a double flux infrastructure (fast flux domains and name servers) and that it was also performing sinkhole evasion. When AV signatures became available for this threat, it came to be known as Ramdo in the security industry.
While analyzing this sample of malware from the Ramdo family, Damballa was able to reverse engineer the domain generation algorithm out of two samples that use very similar code for the DGA.
Read more: https://blog.damballa.com/archives/2526