In association with heise online

23 July 2009, 14:45

Malware calls looky-likey domain names

Security experts F-Secure have noticed a change in the behaviour of malware. Trojans and other malware often try to call home, and this behaviour could be a telltale sign when a company's firewall or DNS servers are asked to resolve those addresses, as they were typically names like "" or "".

F-Secure say they have noticed, when examining targeted attacks on companies or organisations, a shift to a strategy of co-opting vendors' brand names, or misspellings of them, in an attempt to camouflage the requests. Host names like "", "" and "" have been noted. The looky-likey domain names appear to be an attempt to fool busy system administrators examining the firewall logs into thinking they are legitimate connections from auto-update mechanisms in applications.
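
An added example, not from F-Secure or the original article: one way to flag such look-alike host names in DNS query logs is to compare every queried name against an allowlist of the domains your software really updates from. The vendor domains, log layout and distance thresholds below are constructed assumptions.

```python
import re

# Assumption: registrable domains this organisation's software really updates from (constructed).
KNOWN_VENDORS = {"examplesoft.example", "acmeav.example"}
BRANDS = {d.split(".")[0] for d in KNOWN_VENDORS}

# Constructed DNS query log lines; the field layout is hypothetical.
SAMPLE_LOG = """\
2009-07-23T09:00:01 client=10.0.0.12 query=update.examplesoft.example
2009-07-23T09:00:07 client=10.0.0.31 query=update.examplesfot.example
2009-07-23T09:01:15 client=10.0.0.31 query=acmeav-update.cdn-host.example
2009-07-23T09:02:40 client=10.0.0.44 query=www.intranet.example
"""

def registrable(host):
    # Naive "last two labels"; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    host = host.lower().rstrip(".")
    if registrable(host) in KNOWN_VENDORS:
        return "known-vendor"
    # Split every label except the TLD on hyphens so "acmeav-update" yields "acmeav".
    tokens = [t for label in host.split(".")[:-1] for t in re.split(r"[-_]", label) if t]
    for brand in BRANDS:
        limit = 1 if len(brand) < 8 else 2  # tolerate more typos in longer names
        for token in tokens:
            if token == brand:
                return "brand-on-foreign-domain"
            if edit_distance(token, brand) <= limit:
                return "misspelled-brand"
    return "unrelated"

def suspicious_queries(log_text):
    hits = []
    for client, host in re.findall(r"client=(\S+) query=(\S+)", log_text):
        verdict = classify(host)
        if verdict not in ("known-vendor", "unrelated"):
            hits.append((client, host, verdict))
    return hits
```

Calling `suspicious_queries(SAMPLE_LOG)` returns the client, host name and verdict for the two look-alike queries and skips the genuine update host and the unrelated name.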

