Olivier van der Toorn

Last week, on October 31st, IMC took place in Boston, USA. IMC is a top Internet measurement conference. The TIDE project was there too, to promote the malware in DNS TXT records project. We presented a poster, which attracted quite a lot of interest. People were surprised that there were pieces of code in TXT records. Below you can see the poster we presented.

The poster shows the rise of TXT records along with what we have classified as ‘other’. This category has grown from 1.69% to 11.03%.

In the yellow row we show examples of code we have found in TXT records. Our hypothesis is that there is more to be found, but that the ‘attacker’ has obfuscated the code, making it hard to find. We have taken it upon ourselves to find these obfuscated pieces of code.

The poster can be found here: png | pdf

Note: the pdf is large.