
97 points jtbayly | 1 comments

chrismorgan No.45858614
> Aisuru switched to invoking Cloudflare’s main DNS server — 1.1.1.1

I don’t suppose they use DNS to find their command-and-control servers? It’d be funny if Cloudflare could steal the botnet that way. (For the public good. I know that actually doing such a thing would raise serious concerns. Never know, maybe there would be a revival of interest in DNSSEC.) I remember reading a case within the last few years of finding expired domains in some malware’s list of C2 servers, and registering them in order to administer disinfectant. Sadly, IoT nonsense probably can’t be properly fixed, so they could probably reinfect it even if you disinfected it.

replies(3): >>45858651 >>45858963 >>45859757
Vespasian No.45858651
I wonder whether by now the botnets have moved on to authenticating the C2 server and using fallback methods if the malware discovers an endpoint to be "compromised".
replies(1): >>45858846
monerozcash No.45858846
That's been happening for well over 20 years, and I'm sure there are even earlier examples.
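The exchange above (DNS-based sinkholing versus a client that authenticates its C2 and falls back) as an added, self-contained model, not code from the thread or from any real botnet. It assumes a pinned ed25519 operator key in the client, a sequence number in every signed reply, and a constructed world in which the resolver has pointed `c2-primary.example` at a sinkhole (`203.0.113.10`) while `c2-backup.example` still reaches the operator. Domain names, addresses, task strings and the `Resolver`/`Network` stand-ins are all invented for the example; the same verify-then-fall-back logic is what makes a DNS takeover insufficient on its own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Resolver stands in for DNS: domain -> the address its A record currently returns.
// Whoever runs the resolver the client asks (the 1.1.1.1 point above) controls it.
type Resolver map[string]string

// Reply is what a server returns when a client asks for its next task.
type Reply struct {
	Msg []byte // 8-byte big-endian sequence number, then the task text
	Sig []byte // ed25519 signature over Msg (garbage or empty from a sinkhole)
}

// Network stands in for TCP: address -> the reply the host at that address gives.
type Network map[string]Reply

// Client carries the pinned operator public key and the highest sequence
// number it has accepted, so a replayed old signed reply is refused as well.
type Client struct {
	Pub     ed25519.PublicKey
	LastSeq uint64
}

func signedReply(priv ed25519.PrivateKey, seq uint64, task string) Reply {
	msg := make([]byte, 8, 8+len(task))
	binary.BigEndian.PutUint64(msg, seq)
	msg = append(msg, task...)
	return Reply{Msg: msg, Sig: ed25519.Sign(priv, msg)}
}

var ErrNoTrustedC2 = errors.New("no endpoint returned a fresh, validly signed task")

// FetchTask walks the fallback list and returns the first task that verifies,
// plus the domain that served it. Anything failing a check is skipped, which is
// the "treat the endpoint as compromised and fall back" behaviour.
func (c *Client) FetchTask(domains []string, dns Resolver, net Network) (string, string, error) {
	for _, d := range domains {
		addr, ok := dns[d]
		if !ok {
			continue // NXDOMAIN / expired registration
		}
		r, ok := net[addr]
		if !ok {
			continue // nothing listening there
		}
		if len(r.Msg) < 8 || !ed25519.Verify(c.Pub, r.Msg, r.Sig) {
			continue // unsigned or signed by someone else: a sinkhole
		}
		seq := binary.BigEndian.Uint64(r.Msg[:8])
		if seq <= c.LastSeq {
			continue // genuine signature, but a replay of an old reply
		}
		c.LastSeq = seq
		return string(r.Msg[8:]), d, nil
	}
	return "", "", ErrNoTrustedC2
}

// world builds the constructed scenario (hypothetical names and addresses):
// the primary domain now resolves to a sinkhole that signs with its own key,
// the backup still reaches the operator. Keys are generated here so it runs offline.
func world() (*Client, Resolver, Network) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	dns := Resolver{"c2-primary.example": "203.0.113.10", "c2-backup.example": "198.51.100.7"}
	net := Network{
		"203.0.113.10": signedReply(rogue, 1, "uninstall"),
		"198.51.100.7": signedReply(priv, 42, "sleep 3600"),
	}
	return &Client{Pub: pub}, dns, net
}

var fallback = []string{"c2-primary.example", "c2-backup.example"}

// SinkholeScenario: the sinkhole on the primary domain is ignored, the backup is used.
func SinkholeScenario() (task, via string, err error) {
	c, dns, net := world()
	return c.FetchTask(fallback, dns, net)
}

// ReplayScenario: after one good fetch, the sinkhole replays the captured genuine
// reply (seq 42) and the backup goes dark. The client accepts nothing.
func ReplayScenario() error {
	c, dns, net := world()
	if _, _, err := c.FetchTask(fallback, dns, net); err != nil {
		return err
	}
	net["203.0.113.10"] = net["198.51.100.7"]
	delete(net, "198.51.100.7")
	_, _, err := c.FetchTask(fallback, dns, net)
	return err
}

func main() {
	fmt.Println(SinkholeScenario())
	fmt.Println(ReplayScenario())
}
```

The sequence check matters as much as the signature: a sinkhole that has captured one genuine signed reply can otherwise serve it forever. Note the flip side for defenders, which the thread touches on: once the client pins a key, taking over the domain only silences the bot until it reaches a fallback, so disinfection via DNS alone does not work against such a design.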