
First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol


Webgroot
https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol

Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever malware strain seen abusing the DNS over HTTPS (DoH) protocol.
The malware, named Godlua, was detailed in a report published on Monday by the company's researchers.

According to the Netlab team, Godlua is a malware strain written in Lua, which acts like a backdoor on infected systems. It's written to work on Linux servers; attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated systems, and early samples uploaded to VirusTotal have been mislabeled as a cryptocurrency miner.


My question is, how is Webroot going to start protecting against this? We currently don't use Webroot's DNS protection, but even if we did, it wouldn't do anything because with DoH, DNS traffic is encapsulated in HTTPS requests.

More info on the DoH protocol can be found in the Internet Engineering Task Force's (IETF) document RFC 8484.
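As an added illustration of the point above (not code from the article, Netlab or Webroot), the script below builds an RFC 8484 DoH request and then decodes one the way a TLS-inspecting proxy or log reviewer would, recovering the DNS name hidden in the HTTPS request. The resolver host and query names are constructed sample values.

```python
"""Decode RFC 8484 DoH requests (GET ?dns= form and POST body form) so that a
TLS-inspecting proxy or a log review can recover the DNS name a client asked for.
Added example, not from the page's sources; hostnames below are constructed."""
import base64
import struct
from urllib.parse import parse_qs, urlparse

DOH_CONTENT_TYPE = "application/dns-message"  # media type fixed by RFC 8484


def build_dns_query(name, qtype=1):
    """Minimal RFC 1035 wire-format query; RFC 8484 recommends ID 0 for cacheability."""
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID, flags (RD), QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # QTYPE, QCLASS=IN


def to_doh_get_url(resolver, query):
    """RFC 8484 GET form: base64url, trailing '=' removed, carried in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"https://{resolver}/dns-query?dns={encoded}"


def _read_question(msg):
    """Return (qname, qtype) from the first question section of a DNS message."""
    labels, pos = [], 12  # question starts right after the 12-byte header
    while msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += n + 1
    qtype = struct.unpack(">H", msg[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype


def inspect_doh_request(method, url, content_type="", body=b""):
    """Defender side: given one HTTP request seen after TLS termination, return the
    DNS question it carries, or None if the request is not a DoH query."""
    parsed = urlparse(url)
    if method == "GET":
        dns = parse_qs(parsed.query).get("dns")
        if not dns:
            return None
        b64 = dns[0]
        raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # restore padding
    elif method == "POST" and content_type == DOH_CONTENT_TYPE and body:
        raw = body  # POST form carries the raw DNS message as the body
    else:
        return None
    qname, qtype = _read_question(raw)
    return {"resolver": parsed.hostname, "path": parsed.path, "qname": qname, "qtype": qtype}
```

Without TLS interception only the resolver hostname (via SNI) and the `/dns-query` path convention remain visible, which is why DoH defeats resolver-side filtering of the kind the post describes.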
