Newly Composed Mozart Malware Found To Be Highly Evasive – Expert Insight

A new backdoor called Mozart uses the DNS protocol to communicate with remote attackers, which helps it evade detection by security software and intrusion detection systems. Researchers discovered that the malware receives its instructions from the attackers over DNS. Typically, when malware phones home to receive commands to execute, it does so over HTTP/S for ease of use and communication, but that traffic can be detected by security software.
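Because DNS lookups can be logged at the resolver, instruction polling over DNS is something defenders can hunt for. The following is an added detection sketch, not code from the article or the researchers: it assumes a simple four-field query log (time, client, query type, name), a known set of mail hosts, and that a polling backdoor produces repeated TXT lookups at roughly regular intervals; the log lines, addresses and domain names are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed resolver query log (assumed format: time client qtype qname)
SAMPLE_LOG = """\
2020-02-26T10:00:01 10.0.5.21 A www.example.com
2020-02-26T10:00:02 10.0.1.10 TXT selector1._domainkey.example.org
2020-02-26T10:00:03 10.0.1.10 TXT example.org
2020-02-26T10:00:05 10.0.5.44 TXT a1.unknown-zone.test
2020-02-26T10:01:05 10.0.5.44 TXT a2.unknown-zone.test
2020-02-26T10:02:05 10.0.5.44 TXT a3.unknown-zone.test
2020-02-26T10:03:05 10.0.5.44 TXT a4.unknown-zone.test
2020-02-26T10:03:09 10.0.5.21 TXT _dmarc.example.com
"""

MAIL_HOSTS = {"10.0.1.10"}              # assumed: hosts expected to do SPF/DKIM lookups
MAIL_LABELS = {"_domainkey", "_dmarc"}  # labels used by legitimate mail TXT lookups

def txt_beacons(log, min_queries=4, max_jitter=5.0):
    """Return {(client, domain): mean_interval_seconds} for repeated TXT
    lookups from non-mail hosts whose spacing is nearly constant."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() != "TXT":
            continue  # malformed line or not a TXT query
        ts, client, _, qname = parts
        labels = qname.lower().rstrip(".").split(".")
        if client in MAIL_HOSTS or MAIL_LABELS & set(labels):
            continue  # explained by mail authentication
        # Simplification: last two labels; production code needs the Public Suffix List
        domain = ".".join(labels[-2:])
        seen[(client, domain)].append(datetime.fromisoformat(ts))
    hits = {}
    for key, times in seen.items():
        if len(times) < max(min_queries, 2):
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:  # low spread in gaps suggests automated polling
            hits[key] = sum(gaps) / len(gaps)
    return hits

if __name__ == "__main__":
    for (client, domain), interval in txt_beacons(SAMPLE_LOG).items():
        print(f"{client} polls TXT under {domain} every ~{interval:.0f}s")
```

A hit is a lead for investigation rather than a verdict; thresholds need tuning against the normal TXT traffic of the environment.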


EXPERTS COMMENTS
Andre Gironda, VP, Cerberus Sentinel
February 26, 2020
This new Mozart must not be confused with this older, unrelated variety.
There are legitimate external infrastructure use cases for TXT and similar Resource Records. The email and messaging integrity protocols DKIM, SPF, and Domainkey make use of DNS TXT, as one small example. In 2014, the US Army Research Lab released an open-source project, DShell, to decode C2 techniques in backdoors, RATs, and implants such as Immunity Security’s INNUENDO DNS Channel. The secu ....
Chris Clements, VP, Cerberus Sentinel
February 26, 2020
However, the DNS protocol itself is unencrypted and is much easier to monitor than encrypted HTTPS.
Using the DNS protocol for malware command and control operations can have advantages for cyber criminals. Using DNS can allow the attackers to bypass outbound communication restrictions or web filters and many organizations don’t have tools in place to monitor or alert on suspicious DNS traffic. However, the DNS protocol itself is unencrypted and is much easier to monitor than encrypted HTTPS. ....
James McQuiggan, Security Awareness Advocate, KnowBe4
February 26, 2020
This kind of attack is like buying a suitcase.
This type of attack is supporting evidence that criminal hackers are evolving their tactics, tools and procedures to elude the cybersecurity control systems of organizations. Using DNS to collect information from .txt files represents another way to transmit the commands needed from the criminal group's command and control (C2) servers. Organizations with a robust cybersecurity program should ....