We all know there has been (and still is) a lot of malware lurking around the Internet. It is quite usual today that, once a victim is infected, the malware calls back to a command and control (C&C) server that the attacker controls. The attacker can then issue commands to the malware installed on the victim's machine through that C&C server.
There has been much talk about the watering hole attack, where attackers first identify which websites the targeted group of people uses, plant malicious code on one of those pages and wait for one of the targeted individuals to visit the site and potentially get infected. The infection usually happens through a known or zero-day vulnerability in the web browser or in a plug-in such as Java, Flash or a PDF reader.
Once the victim gets infected by any means, the payload is executed on the victim's machine. A payload can consist of any number of things, but usually it shuts down the anti-virus software, installs fake anti-virus software, installs a trojan or a rootkit, or installs ransomware that encrypts the user's data under the attacker's public key, so that only the attackers hold the private key needed to decrypt it; if the user wants to see their own data again, they must pay a specific amount of money to receive the decryption key. Another kind of payload connects back to the command and control (C&C) server and waits for commands. To understand the need for domain generation algorithms, we must first talk about how command and control servers have evolved over time and which methods are available to shut them down.
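The callback described above is exactly what a domain generation algorithm is meant to keep alive when hard-coded C&C domains get taken down. The following Python is an added example, not code from the article or from any real malware family: it shows a minimal date-seeded DGA, the defender-side precomputation that becomes possible once the algorithm and seed have been reverse engineered, and a scan of constructed DNS log lines against that precomputed list. The seed, TLD set, label length and log format are all assumptions chosen for the illustration.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical parameters. For a real family the seed, TLD set and label
# length are recovered by reverse engineering the sample, not guessed.
SEED = b"example-family-seed"
TLDS = ("com", "net", "org")
DOMAINS_PER_DAY = 8
LABEL_LENGTH = 12


def generate_domains(day, seed=SEED, count=DOMAINS_PER_DAY, length=LABEL_LENGTH):
    """Deterministic, date-seeded DGA.

    The bot and its operator run the same function on the same calendar day
    and obtain the same candidate list; the operator registers only one or
    two of them, and the bot tries them in order until one resolves.
    """
    domains = []
    for index in range(count):
        material = seed + day.isoformat().encode("ascii") + index.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        # Map the first `length` digest bytes onto lowercase letters.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:length])
        tld = TLDS[digest[-1] % len(TLDS)]
        domains.append("%s.%s" % (label, tld))
    return domains


def precompute_blocklist(start_day, days, seed=SEED):
    """Defender side: once the algorithm and seed are known, every domain the
    bots will try over the next `days` days can be computed ahead of time and
    pushed to a resolver blocklist or registered as a sinkhole."""
    blocklist = set()
    for offset in range(days):
        blocklist.update(generate_domains(start_day + timedelta(days=offset), seed))
    return blocklist


def flag_dns_log(lines, blocklist):
    """Scan passive-DNS style lines ("<timestamp> <client> <qname>") and return
    (client, qname) pairs whose query name is on the precomputed blocklist."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: skip rather than crash the scan
        qname = parts[2].rstrip(".").lower()
        if qname in blocklist:
            hits.append((parts[1], qname))
    return hits


# Constructed sample input: two benign lookups and one bot callback attempt
# that uses the first candidate domain for 2024-01-01.
SAMPLE_DAY = date(2024, 1, 1)
SAMPLE_LOG = [
    "2024-01-01T09:00:01 10.0.0.5 www.example.com.",
    "2024-01-01T09:00:02 10.0.0.7 " + generate_domains(SAMPLE_DAY)[0] + ".",
    "2024-01-01T09:00:03 10.0.0.5 mail.example.org.",
]

if __name__ == "__main__":
    blocklist = precompute_blocklist(SAMPLE_DAY, 7)
    print("candidates for %s:" % SAMPLE_DAY, generate_domains(SAMPLE_DAY))
    print("flagged:", flag_dns_log(SAMPLE_LOG, blocklist))
```

The point of the precomputation step is the asymmetry a DGA creates: the operator needs to register one domain per day, while a defender who wants to block by name must either recover the algorithm and seed or register (sinkhole) the candidates first. Without that recovery, the only signal left is behavioural, such as a client producing many NXDOMAIN answers for random-looking names.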
More here: http://resources.infosecinstitute.com/domain-generation-algorithm-dga/