Malware Uses Word Puzzles to Derive C&C Server IP Address
News category: IT Security
Source: news.softpedia.com
Malware authors can be quite creative when it comes to evading security researchers, but even after almost three decades of malware analysis there are still malware families that manage to surprise infosec professionals once in a while. Such is the case with a backdoor trojan that Palo Alto Networks has observed in two separate cyber-espionage campaigns. Palo Alto says the two samples it examined used a very peculiar and inventive method of locating their C&C servers.

CONFUCIUS malware takes novel approach to C&C server resolution

While low-quality malware uses IP addresses hardcoded in its code, more sophisticated threats use a domain generation algorithm (DGA) to hide the real C&C server IP addresses behind ever-changing domain names. Neither of the malware samples, which the researchers named CONFUCIUS, used either of these two methods. Researchers say that during analysis, neither sample queried any out-of-the-ordinary sites, nor em... ...
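To make the contrast between a hardcoded address and a DGA concrete, here is an added example that is not from the article, from Palo Alto Networks, or from the CONFUCIUS samples (whose actual "word puzzle" method is not detailed above). It shows a date-seeded DGA of the kind the paragraph describes, and the defensive counterpart: an analyst who has recovered the seed regenerates the day's candidate domains and matches them against DNS resolver logs. The seed, the domain shape, and the log line format are all constructed assumptions.

```python
import datetime as dt
import hashlib
import re

# Constructed example parameters: a hypothetical per-campaign seed and
# domain shape. Nothing here is taken from a real malware family.
SEED = b"hypothetical-campaign-seed"
TLDS = ("com", "net", "org")
DOMAINS_PER_DAY = 4
LABEL_LEN = 12


def _as_date(day) -> dt.date:
    """Accept either a datetime.date or an ISO 'YYYY-MM-DD' string."""
    return dt.date.fromisoformat(day) if isinstance(day, str) else day


def generate_domains(day, seed: bytes = SEED,
                     count: int = DOMAINS_PER_DAY) -> list[str]:
    """Derive the day's candidate C&C domains from the date and the seed.

    The sample carries no hostname or IP address: the same list is
    recomputed by the operator (who registers one of the names) and by
    any analyst who extracts the seed from the binary.
    """
    day = _as_date(day)
    domains = []
    for i in range(count):
        digest = hashlib.sha256(
            seed + day.isoformat().encode() + bytes([i])).digest()
        # First LABEL_LEN bytes become a lowercase label; the next byte picks the TLD.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        domains.append(f"{label}.{TLDS[digest[LABEL_LEN] % len(TLDS)]}")
    return domains


# Constructed resolver log format: "<timestamp> <client> query <qtype> <qname>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qtype>\S+) (?P<qname>\S+)$")


def find_dga_queries(log_lines, day, seed: bytes = SEED):
    """Return (client, qname) pairs whose queried name is in the day's predicted set.

    Matching is case-insensitive and tolerates a trailing dot, since
    resolver logs commonly write fully-qualified names that way.
    """
    predicted = set(generate_domains(day, seed))
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole pass
        qname = m.group("qname").rstrip(".").lower()
        if qname in predicted:
            hits.append((m.group("client"), qname))
    return hits


def sample_log(day) -> list[str]:
    """Build a small constructed log containing one of the day's predicted domains."""
    day = _as_date(day)
    dga_name = generate_domains(day)[1]
    return [
        f"{day.isoformat()}T08:00:01Z 10.0.0.5 query A www.example.com",
        f"{day.isoformat()}T08:00:02Z 10.0.0.5 query A {dga_name.upper()}.",
        f"{day.isoformat()}T08:00:03Z 10.0.0.9 query AAAA mail.example.org",
        "this line is not in the expected format",
    ]


if __name__ == "__main__":
    today = dt.date(2016, 3, 1)
    print("Predicted domains:", generate_domains(today))
    print("Matching queries:", find_dga_queries(sample_log(today), today))
```

The point of the defensive half is that a DGA only shifts the secret from an address to a seed and a schedule: once an analyst recovers both from the sample, the whole future domain list can be precomputed for sinkholing or detection, which is exactly the exposure a family that avoids both hardcoded addresses and DGAs is trying to sidestep.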