Domain Generation Algorithm Malware
A domain generating algorithm (DGA) is a program or subroutine that provides malware with new domains on demand or on the fly.
A domain generation algorithm is a routine or program that generates a domain dynamically. As these DGAs become more sophisticated and increasingly difficult to detect, zvelo's cyber threat intelligence team is recommending heightened awareness, as they anticipate this to be a prominent. As far as I know, there is no way to acquire a TLD domain but to pay. The more complex versions used by cyber criminals use special internal algorithms to generate randomised domain names, which are used for communicating with their command and control (C2) servers.
DGA is a technique that fuels malware attacks. Kraken, in 2008, was the first malware family we could find that used a DGA. Some malware uses a DGA (domain generation algorithm) to randomly generate domains so that the zombies can communicate in a resilient manner with the C&C. They have the creativity and ingenuity to create malware and botnets that can bring an enterprise's entire network to its knees, causing interruption of critical services and compromising sensitive, valuable data.
Think of the following example. Domain generation algorithms (DGAs) are algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers. The large number of potential rendezvous points makes it difficult for law enforcement to effectively shut down botnets, since infected computers will attempt to. Domain generating algorithms: how botnets use DNS to connect to their C&C server. Malicious adversaries are as sneaky as they are intelligent. Over the last decade, domain generation algorithms (DGAs) have become a popular tool for threat actors to deliver malware, as it has become a difficult technique for defenders to counter.
Attackers developed DGAs so that malware can quickly generate a list of domains that it can use for the sites that give it instructions and receive information from the malware, usually referred to as command and control, or C2. Malware has been increasing in complexity year on year for the last 10 years or. Once the attacker infects a target with this malware, it will start contacting its C2 server. Domain generation algorithm: domain generation algorithms (DGAs) can be used by malware to dynamically generate a set of candidate domains periodically to reach the C&C center.
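The defender's view of the mechanism just described, as an added example that is not part of the original page: because only a few of the many generated candidates ever resolve, an infected host produces bursts of NXDOMAIN answers for random-looking names. The script below scores queried names from constructed resolver log lines and reports clients showing that pattern; the log format, the sample names and the thresholds are all assumptions chosen for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log lines (made up for illustration, not from a real capture).
# Fields: timestamp, client IP, queried name, response code.
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com NOERROR
2024-01-01T10:00:02 10.0.0.5 mail.example.org NOERROR
2024-01-01T10:00:03 10.0.0.7 xkqzvbwprtyhgml.com NXDOMAIN
2024-01-01T10:00:04 10.0.0.7 qwtrbzpxkvlmhgd.net NXDOMAIN
2024-01-01T10:00:05 10.0.0.7 zzkprwtxqbvmhjl.biz NXDOMAIN
2024-01-01T10:00:06 10.0.0.7 hvbrnfltpsdxqwm.info NXDOMAIN
2024-01-01T10:00:07 10.0.0.9 cdn.example.net NOERROR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (NOERROR|NXDOMAIN|SERVFAIL)$")


def shannon_entropy(text):
    """Bits of entropy per character; pseudo-random labels score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(name):
    # Naive: assumes a single-label TLD (use a public-suffix list in production).
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(name):
    """Heuristic: long, high-entropy label with few vowels or a long consonant run."""
    label = second_level_label(name)
    if len(label) < 8:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    runs = re.findall(r"[^aeiou0-9]+", label) or [""]
    longest_consonant_run = max(len(r) for r in runs)
    # Hand-chosen thresholds; tune against your own baseline traffic.
    return shannon_entropy(label) >= 3.2 and (vowel_ratio < 0.25 or longest_consonant_run >= 6)


def find_dga_suspects(log_text, min_nxdomain=3):
    """Return {client_ip: [names]} for clients with >= min_nxdomain NXDOMAIN answers
    to random-looking names, the trace a host cycling through DGA candidates leaves."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        _, client, name, rcode = m.groups()
        if rcode == "NXDOMAIN" and looks_generated(name):
            hits[client].append(name)
    return {ip: names for ip, names in hits.items() if len(names) >= min_nxdomain}
```

Run `find_dga_suspects(SAMPLE_DNS_LOG)` to see only the client 10.0.0.7 reported; normal long names such as a readable English label pass the entropy test but fail the vowel and consonant-run checks.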
A DGA by itself can't harm you. A domain generation algorithm is a program that is designed to generate domain names in a particular fashion. The corresponding backdoor has this domain hardcoded into its code. These algorithms are called domain generating algorithms, or DGAs.
Later that year, Conficker made DGA a lot more famous.