Level 64
Content Creator
Malware Hunter
A new backdoor malware called Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems.

Typically when a malware phones home to receive commands that should be executed, it will do so over the HTTP/S protocols for ease of use and communication.

Using HTTP/S communication to communicate, though, has its drawbacks as security software normally monitors this traffic for malicious activity. If detected, the security software will block the connection and the malware that performed the HTTP/S request.

In the new Mozart backdoor discovered by MalwareHunterTeam, the malware uses DNS to receive instructions from attackers and to evade detection. [.....]