Light Dark
August 11, 2015 By Shane Schick 2 min read

One of the best ways to avoid malware is for virtual machine technology to scan for any suspicious-looking Web domains and make sure they’re walled off, but the latest version of the DGA Changer downloader may render such sandboxes nearly useless.

Researchers from Seculert, which first discovered DGA Changer two years ago, recently published a blog post showing how quickly the malware has evolved. Now, when cybercriminals who use the downloader encounter a virtual machine or sandbox, DGA Changer can generate a series of domain names that look real enough to evade detection.

As if that weren’t enough, SecurityWeek reported that attackers have actually purchased some of those fake domains so that, if an organization were to test them, it would encounter a dummy executable file that makes it even harder to keep the real malware at bay. This isn’t the first variant of DGA Changer that researchers have spotted in the wild this year, but if it works as experts believe, it could quickly become one of the most effective.

Although these are still early days for DGA-type threats, research is already underway to try to prevent such malware from getting past enterprise firewalls. The Register profiled an early prototype of a detection technique underway at Cisco, which compiles possible domain names and then compares them against various sources, scoring them for potential security threats. Similarly, researchers at Carnegie Mellon University have created classification algorithms to identify malware tools such as DGA Changer.

Of course, if domains aren’t mere gibberish, this kind of ranking analysis will be increasingly difficult to do. In fact, Threatpost suggested that, like it or not, it may be up to human beings to look at domain logs and second-guess those that aren’t familiar if they want to ensure the greatest level of protection. As machine learning matures, it’s possible that the industry will also come up with ways to better automate such work. But as this latest variant of DGA Changer proves, it will take a combination of both technology and human ingenuity to predict how this latest brand of cybercriminals will act — and to get in front of them before they come up with their next trick.

 |  |  |  | 
Shane Schick
Writer & Editor

More from

November 25, 2024

CISA adds Microsoft SharePoint vulnerability to the KEV Catalog

3 min read - In late October, the United States Cybersecurity & Infrastructure Security Agency (CISA) added a new threat to its Known Exploited Vulnerability (KEV) Catalog. Cyber criminals used remote code execution vulnerability in Microsoft SharePoint to gain access to organizations’ networks. The CISA press release states that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”However, Microsoft identified and released a patch for this vulnerability in July 2024. Cybersecurity experts are…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature