Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first-ever malware strain seen abusing the DNS over HTTPS (DoH) protocol.
The malware, named Godlua, was detailed in a report published on Monday by the company’s researchers.
According to the Netlab team, Godlua is a malware strain written in Lua that acts as a backdoor on infected systems. It's written to work on Linux servers, and attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated systems. Early samples uploaded to VirusTotal were mislabeled as a cryptocurrency miner.
But Netlab researchers say the malware actually works as a DDoS bot and they’ve already seen it being used in attacks, with one aimed against liuxiaobei.com, the homepage of a Liu Xiaobei fan site.
DoH helps malware avoid passive DNS monitoring
Researchers say they've spotted two Godlua versions so far, with a somewhat similar architecture. Both versions used DNS over HTTPS requests to retrieve the TXT (text) record of a domain name. That record stored the URL of a subsequent command and control (C&C) server, to which the Godlua malware was supposed to connect for further instructions.
This technique of retrieving the URLs of second- and third-stage C&C servers from DNS text records isn't new. What is new here is the use of a DoH request instead of a classic DNS request.
As the protocol’s name clearly states, DNS over HTTPS works by sending DNS requests via an encrypted HTTPS connection, rather than using a classic plaintext UDP request.
The DoH (DNS) request is encrypted and invisible to third-party observers, including cyber-security software that relies on passive DNS monitoring to block requests to known malicious domains.
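The following is an added example, not code from the Netlab report or from this article. It assumes a sensor that does see the request URL (a TLS-inspecting proxy or endpoint telemetry) and shows how the DNS question inside an RFC 8484 GET request can be recovered and TXT lookups from non-browser processes flagged. The log format, host names, process names and domains are constructed for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

QTYPES = {1: "A", 16: "TXT", 28: "AAAA"}
BROWSERS = {"firefox", "chrome"}  # assumption: only these are expected to use DoH

def doh_question(url):
    """Return (qname, qtype) from an RFC 8484 GET URL, or None if there is none."""
    raw = parse_qs(urlsplit(url).query).get("dns", [""])[0]
    try:  # the 'dns' value is a base64url DNS message with padding stripped
        msg = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
    except ValueError:
        return None
    labels, pos = [], 12  # the question follows the 12-byte DNS header
    while pos < len(msg) and msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 3 > len(msg):
        return None  # missing or truncated: no room for the root label and QTYPE
    (qtype,) = struct.unpack_from("!H", msg, pos + 1)
    return ".".join(labels), QTYPES.get(qtype, str(qtype))

def flag_doh_txt(log_lines):
    """Flag TXT lookups sent over DoH by processes that are not browsers."""
    hits = []
    for line in log_lines:
        host, proc, url = line.split(maxsplit=2)
        q = doh_question(url)
        if q and q[1] == "TXT" and proc not in BROWSERS:
            hits.append((host, proc, q[0]))
    return hits

def sample_dns_param(name, qtype):
    """Build a constructed 'dns' value: ID 0, RD set, one question, class IN."""
    msg = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    msg += b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    msg += struct.pack("!2H", qtype, 1)
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode()

# Constructed log lines in a hypothetical "host process url" format.
SAMPLE_LOG = [
    "web01 java https://doh.example/dns-query?dns=" + sample_dns_param("t.stage.example", 16),
    "lap07 firefox https://doh.example/dns-query?dns=" + sample_dns_param("www.example.com", 1),
    "web02 curl https://pkg.example/index.json?v=2",
]
if __name__ == "__main__":
    print(flag_doh_txt(SAMPLE_LOG))
```

Only the GET form with a `dns` parameter is parsed here; an RFC 8484 POST carries the same DNS message in the request body instead.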
Looming problem for cyber-security community
Many have expressed fears that other malware strains will now also adopt this feature, rendering a large chunk of cyber-security products that rely on passive DNS monitoring useless.
Their fear is justified; however, the cyber-security community has always found workarounds to any tricks malware employs, and it’s expected they’ll find one to deal with any strains that use DoH, as well.
More info on the DoH protocol can be found in the Internet Engineering Task Force’s (IETF) document RFC 8484.
Major browsers like Firefox and Chrome already support DoH. Last month, Google announced DoH support for its public DNS service, which the company provides for free to users in countries where governments are filtering and blocking internet traffic based on passive DNS monitoring.
Here’s The Easiest Way To Scan Your Android Phone For Viruses
There’s a common misconception about smartphones, and it’s a dangerous one: many people believe they don’t need to worry about viruses, spyware, and malware when they’re using a phone. If only that were true! Unfortunately, there are tons of smartphone viruses out there, and it’s more important than ever to try to protect yourself. After all, it’s not uncommon for our phones to hold access to some of our most private data, including passwords, messages, and even bank accounts. If you want to stay safe, it’s a good idea to scan your phone with an antivirus app.
You might often hear about various computer hacks and exploits, but when it comes to smartphones, things are usually pretty quiet, and that's not due to a lack of malicious software. According to AVTest, the amount of Android malware is steadily growing. In 2021, the company registered 3.28 million instances of Android-specific malware, and there might very well be many more in reality. Even if you're normally careful, it's important to go the extra mile if you want to secure your phone alongside some of your most important data.
Remember that even phones that come with various protective measures from the get-go, such as the Samsung Galaxy handsets, can become compromised. If you already have an antivirus app on your phone, make sure to use it regularly. However, if you don't, or if you do but you're looking to switch to something else, read on to see some of the options available.
Popular antivirus apps for Android
Much like there are plenty of viruses that affect Android phones, there are also lots of antivirus apps that might seem great at first glance. However, upon closer inspection, some of them are riddled with ads and don’t actually do much to help you stay protected. When you search for the right app to suit your needs, some of them will be free and some will require an upfront payment or a monthly subscription. Here are some of the most popular options (based on download numbers and ratings) for you to explore.
- BitDefender for Android: You can use the free version of this app that will passively protect your phone as well as allow scanning for viruses, but you can also pay to use the full-fledged version that expands the security and adds VPN access.
- Avast One Essential: Avast is a well-known antivirus company in the PC space, but it also has a popular Android app. You can use the app for free to receive virus protection and a small amount of VPN bandwidth, but there’s a premium option too — and, unfortunately, the app will constantly remind you of that fact.
- Norton 360: This is yet another PC giant that made its way to Android. Norton doesn’t offer a free version of its app, but if you’re willing to pay for it, you will get a number of features, including an ad blocker and a Wi-Fi analysis tool. The app costs $14.99 per year for the first year and then goes up to $30 per year.
- Kaspersky for Android: This is a solid antivirus option even if you use the free version, but unfortunately, you only get real-time protection if you pay $15 per year for the premium version.
Pick the app that best suits your needs, download it from the Google Play Store, and install it onto your Android smartphone or tablet.
How to use antivirus software on Android
Each of the apps mentioned above should provide you with enough protection to not have to worry about Android viruses too much. Whether you chose a paid or a free version, you will have access to a tool that will scan your phone for malicious software. You should do this periodically. Doing so every couple of weeks is a safe approach, especially if you use your phone often. Also make it a habit to run a scan if you accidentally click a link that doesn't seem trustworthy. We'll now give you a quick rundown of what to do with your new antivirus app.
- Pick your app and install it through the Google Play Store.
- You will most likely have to register an account to use the app.
- If you are picking a paid option, pay for your chosen service.
- Each of the apps will offer to scan your phone as the first step after set-up. This will check all of the apps on your phone and your storage for viruses.
- Once the scan is concluded, you can review the results. If any viruses were found, you’ll be told where they were. Remove all of them through the app.
- Go into the app settings and look for options to set up regular scanning. Depending on the app, you may also be offered real-time protection, which will run in the background as you use your phone.
Make sure to repeat these scans every so often. After you’ve had the chance to familiarize yourself with the free version of the antivirus product, you might want to consider upgrading. In the case of BitDefender and Avast, it’s most likely going to be worth it — especially if you want to regularly use a VPN and don’t already subscribe to one.