DNS Messenger Remote Access Trojan | Infoblox Threat Center

DNS MESSENGER

Fileless Remote Access Trojan Opens a Backdoor

DNS Messenger is a recently discovered Remote Access Trojan (RAT) that opens a backdoor so that hackers can control the compromised machine remotely. These controlled machines then form a botnet, which can be used to perform DDoS attacks or to steal data, among other malicious activities. What sets this malware apart is that it is completely fileless, which means it can go undetected by traditional security tools, including antivirus.

The attack employs Windows PowerShell because it offers greater power than traditional Windows shell commands. The malware also uses DNS as its communication channel with its command-and-control (C&C) server, both to deliver PowerShell binaries to the host machine and to exfiltrate data from the compromised host.
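
Because the C&C traffic described above rides on ordinary DNS lookups, resolver query logs are where it becomes visible to a defender. The following is an added example, not Infoblox code: it groups queries by parent domain and flags domains whose subdomains look like encoded data. The log format, the sample names, the thresholds and the heuristics (subdomain count, length, entropy, share of TXT lookups) are all assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

_HEX = "0123456789abcdef"
# Constructed resolver log, one query per line: "<client> <qtype> <qname>".
# The c2.example names imitate hex-encoded chunks carried in subdomain labels.
SAMPLE_LOG = "\n".join(
    ["10.0.0.5 A www.example.com", "10.0.0.5 A mail.example.com"]
    + [f"10.0.0.5 A host{i}.corp.example" for i in range(6)]
    + [f"10.0.0.9 TXT {(_HEX[i:] + _HEX[:i]) * 2}.{i}.c2.example" for i in range(6)]
)

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def parse(log):
    """Yield (qtype, subdomain, parent) for each query that has a subdomain."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        labels = parts[2].rstrip(".").lower().split(".")
        if len(labels) > 2:
            # Assumption: parent zone = last two labels (use the Public Suffix List in production).
            yield parts[1].upper(), ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log, min_unique=5, min_avg_len=20, min_entropy=3.0, min_txt_ratio=0.5):
    """Return {parent_domain: metrics} for domains whose queries look like encoded data."""
    stats = defaultdict(lambda: {"subs": set(), "txt": 0, "total": 0})
    for qtype, sub, parent in parse(log):
        s = stats[parent]
        s["subs"].add(sub)
        s["txt"] += qtype == "TXT"
        s["total"] += 1
    findings = {}
    for parent, s in stats.items():
        subs = s["subs"]
        if len(subs) < min_unique:
            continue  # too few distinct names to judge
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        txt_ratio = s["txt"] / s["total"]
        checks = [("long high-entropy subdomains", avg_len >= min_avg_len and avg_ent >= min_entropy),
                  ("mostly TXT lookups", txt_ratio >= min_txt_ratio)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings[parent] = {"unique_subdomains": len(subs), "txt_ratio": txt_ratio, "reasons": reasons}
    return findings
```

Calling `find_tunnel_candidates(SAMPLE_LOG)` flags only `c2.example`; the busy but ordinary `corp.example` zone is left alone because its names are short and it receives no TXT lookups.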


HOW INFOBLOX CAN HELP DEFEAT MALWARE

Disrupt the cyber kill chain and block malicious communications to C&C domains.
Download ActiveTrust Eval Now »

Prevent DNS-based data exfiltration, stop DNS Messenger and protect devices everywhere – on-premises, roaming or in remote offices.
Download ActiveTrust Cloud Eval Now »

Curated and updated threat intelligence to stay on top of new and evolving threats.
Read Solution Note »

Sharing information with your existing security tools to rapidly contain threats.
Learn More on Security Ecosystem »

Find Out if Malware Is Lurking in Your Network.
