Researchers at Texas A&M University have discovered a new method of tracking down botnet sites that use ever-changing domain names to keep their malware active.
Botnets are notorious for changing their domain names regularly and the cybercriminals often squat domain names that are misspellings of popular brand names or major news issues — like the recent Japanese earthquake and tsunami.
Dr. Narasimha Reddy of Texas A&M’s Department of Electrical and Computer Engineering claimed that so-called fluxing botnet sites are a regular occurrence on the Web. The recent Conficker-A epidemic is a perfect example, with the botnet using 250 different domains to spread its malware.
Dr. Reddy said: “Our method analyzes only DNS traffic and hence is easily scalable to large networks.”
“It can detect previously unknown botnets by analyzing a small fraction of the network traffic,” he added.
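As an added illustration (not the Texas A&M method, whose details the article does not give), the Python sketch below shows the kind of DNS-only heuristic a defender can run over resolver logs: it flags clients that query many distinct, high-entropy second-level labels, most of which fail to resolve. The log lines, field layout and thresholds are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed DNS query log: "<client> <queried name> <response code>". Not real data.
DNS_LOG = """
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.5 cdn.example.net NOERROR
10.0.0.9 qzkvmrtxb.info NXDOMAIN
10.0.0.9 wplhdgxcu.biz NXDOMAIN
10.0.0.9 mxqjtrvsa.org NXDOMAIN
10.0.0.9 kdfzplwqn.com NXDOMAIN
10.0.0.9 rtyvbnmkl.net NOERROR
"""

def char_entropy(label: str) -> float:
    """Shannon entropy (bits per character) of a label's character distribution."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def second_level(qname: str) -> str:
    """Label directly under the TLD, e.g. 'example' for www.example.com."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def score_clients(log: str, entropy_floor=3.0, nx_floor=0.5, min_domains=4):
    """Flag clients whose many distinct labels look generated and mostly fail to resolve.

    Thresholds are illustrative assumptions; a real deployment would tune them
    against baseline traffic, since short English labels can also score high.
    """
    per = defaultdict(lambda: {"names": set(), "nx": 0, "total": 0})
    for line in log.strip().splitlines():
        client, qname, rcode = line.split()
        rec = per[client]
        rec["names"].add(second_level(qname))
        rec["total"] += 1
        rec["nx"] += int(rcode == "NXDOMAIN")  # generated-but-unregistered names do not resolve
    flagged = {}
    for client, rec in per.items():
        names = rec["names"]
        if len(names) < min_domains:
            continue  # too few distinct names to judge
        mean_h = sum(char_entropy(n) for n in names) / len(names)
        nx_ratio = rec["nx"] / rec["total"]
        if mean_h >= entropy_floor and nx_ratio >= nx_floor:
            flagged[client] = (round(mean_h, 2), round(nx_ratio, 2), len(names))
    return flagged
```

Running `score_clients(DNS_LOG)` flags only 10.0.0.9; the client that queries ordinary names under one registered domain is ignored.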
Recently, Google introduced a new tool that allows Web users to block web sites that they suspect are malicious.