New Fileless Malware Uses DNS Queries To Receive PowerShell Commands

It is no secret that cybercriminals are becoming dramatically more adept, innovative, and stealthy with each passing day.

While new forms of cybercrime are on the rise, traditional activities seem to be shifting towards more clandestine techniques that involve the exploitation of standard system tools and protocols, which are not always monitored.

The latest example of such attack is DNSMessenger – a new Remote Access Trojan (RAT) that uses DNS queries to conduct malicious PowerShell commands on compromised computers – a technique that makes the RAT difficult to detect onto targeted systems.

The Trojan came to the attention of Cisco’s Talos threat research group by a security researcher named Simpo, who highlighted a tweet that encoded text in a PowerShell script that said ‘SourceFireSux.’ SourceFire is one of Cisco’s corporate security products.


Read full story…