First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol




Security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first-ever malware strain seen abusing the DNS over HTTPS (DoH) protocol.

The malware, named Godlua, was detailed in a report published on Monday by the company’s researchers.

According to the Netlab team, Godlua is a malware strain written in Lua that acts as a backdoor on infected systems. It is built to run on Linux servers, and attackers are using a Confluence exploit (CVE-2019-3396) to infect outdated installations. Early samples uploaded to VirusTotal were mislabeled as a cryptocurrency miner.

But Netlab researchers say the malware actually works as a DDoS bot, and they have already seen it used in attacks, including one aimed at the homepage of a Liu Xiaobei fan site.

DoH helps malware avoid passive DNS monitoring

Researchers say they have spotted two Godlua versions so far, with a broadly similar architecture. Both versions use DNS over HTTPS requests to retrieve the TXT record of a domain name. That record stores the URL of the next-stage command and control (C&C) server, to which Godlua then connects for further instructions.

Retrieving the URL of a second- or third-stage C&C server from a DNS TXT record is not a new technique. What is new here is that the lookup is made with a DoH request instead of a classic DNS query.

As the protocol’s name clearly states, DNS over HTTPS works by sending DNS requests via an encrypted HTTPS connection, rather than using a classic plaintext UDP request.

Because the DNS query travels inside the TLS session, it is invisible to third-party observers on the network path, including cyber-security software that relies on passive DNS monitoring to block requests to known malicious domains.
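As an added defender-side example (not code from the Netlab report or this article), the script below shows what a monitoring point that terminates TLS, such as a corporate proxy or an endpoint agent, can still recover: it decodes RFC 8484 GET requests, which carry the DNS query base64url-encoded in the `dns` parameter, and flags TXT lookups made over DoH. The resolver URL, log format and domain names are constructed placeholders.

```python
import base64
import struct
from urllib.parse import parse_qs, urlparse

A, TXT = 1, 16  # DNS query types (TXT is the record type Godlua asks for)

def encode_name(name: str) -> bytes:
    """Dotted hostname -> DNS wire-format labels, terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_doh_get(qname: str, qtype: int, resolver="https://doh.example/dns-query") -> str:
    """RFC 8484 GET form: base64url(DNS query), padding stripped, in the 'dns' parameter."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD set, one question
    msg = header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    return f"{resolver}?dns={base64.urlsafe_b64encode(msg).rstrip(b'=').decode()}"

def decode_doh_get(url: str):
    """Return (qname, qtype) for a DoH GET URL, or None for anything else."""
    dns = parse_qs(urlparse(url).query).get("dns")
    if not dns:
        return None
    msg = base64.urlsafe_b64decode(dns[0] + "=" * (-len(dns[0]) % 4))  # restore padding
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:  # need header + a question
        return None
    pos, labels = 12, []
    while msg[pos]:  # walk labels until the zero-length terminator
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode())
        pos += 1 + msg[pos]
    return ".".join(labels), struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def flag_txt_over_doh(log_lines):
    """Return (client, qname) for every DoH GET that asks for a TXT record."""
    hits = []
    for line in log_lines:
        client, _method, url = line.split()
        q = decode_doh_get(url)
        if q and q[1] == TXT:
            hits.append((client, q[0]))
    return hits

# Constructed sample of a TLS-terminating proxy log: "<client> <method> <url>" per line.
SAMPLE_LOG = [
    "10.0.0.5 GET " + build_doh_get("www.example.com", A),
    "10.0.0.7 GET " + build_doh_get("stage2.c2-placeholder.invalid", TXT),
    "10.0.0.7 GET https://www.example.org/index.html",
]
```

A DoH POST carries the same wire-format message as the request body with Content-Type `application/dns-message`, so the same label-walking parser applies to the body; without TLS termination, a defender is limited to flagging connections to known DoH resolver endpoints.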

Looming problem for cyber-security community

The discovery that Godlua uses DoH to hide DNS traffic sent shockwaves through the cyber-security community this week, with many reacting on both Twitter [1, 2] and Reddit.

Many have expressed fears that other malware strains will now also adopt this feature, rendering a large chunk of cyber-security products that rely on passive DNS monitoring useless.

Their fear is justified; however, the cyber-security community has always found workarounds for the tricks malware employs, and it is expected to find one for strains that use DoH as well.

More info on the DoH protocol can be found in the Internet Engineering Task Force’s (IETF) document RFC 8484.

Major browsers like Firefox and Chrome already support DoH. Last month, Google announced DoH support for its public DNS service, which the company provides for free to users in countries where governments are filtering and blocking internet traffic based on passive DNS monitoring.
