Sunday, March 21, 2010

Finding Malware Using Cached DNS entries

This is an interesting way of checking your DNS cache for malicious domains, and an easier method than examining the DNS server log. It might miss some domains with a low TTL value, but it is still very handy.

After some trials on a small ISP DNS server, short TTLs dominate the Zeus domains (1 minute on average), so checks should be ongoing, with the DNS overhead in mind.
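As an added example (not code from the original post), here is a small Python checker that matches a cache dump against a block list and flags entries whose remaining TTL is shorter than the polling interval, since those are the ones a periodic check can miss. The dump lines follow the BIND `rndc dumpdb -cache` record layout, and both the dump and the block-list names are constructed placeholders, not real indicators.

```python
"""Match a DNS cache dump against a malicious-domain list and flag
records whose remaining TTL is shorter than the polling interval
(they could expire between two checks). Sample data is constructed."""
from dataclasses import dataclass
from typing import List, Set

# Constructed block list (placeholder names, not real indicators).
BLOCKLIST = {"c2.bad.example", "updates.evil.test"}

# Constructed cache dump excerpt in the BIND dump layout:
# name, remaining TTL, class, type, rdata.
CACHE_DUMP = """\
; Start view _default
www.good.example.        3559    IN      A       192.0.2.10
c2.bad.example.          42      IN      A       198.51.100.7
fast.c2.bad.example.     12      IN      A       198.51.100.8
updates.evil.test.       1800    IN      CNAME   cdn.evil.test.
mail.good.example.       300     IN      MX      10 mx.good.example.
"""

@dataclass
class Hit:
    name: str
    ttl: int
    rtype: str
    rdata: str
    may_be_missed: bool  # remaining TTL shorter than the polling interval

def is_blocked(name: str, blocklist: Set[str]) -> bool:
    """True if the name or any of its parent domains is on the block list."""
    labels = name.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan_cache(dump: str, blocklist: Set[str], poll_interval: int = 60) -> List[Hit]:
    """Parse resource-record lines and return block-list matches."""
    hits = []
    for line in dump.splitlines():
        if not line or line.startswith(";"):
            continue  # comments and view markers
        parts = line.split(None, 4)
        if len(parts) < 5 or not parts[1].isdigit():
            continue  # not a resource-record line
        name, ttl, _cls, rtype, rdata = parts
        if is_blocked(name, blocklist):
            hits.append(Hit(name.rstrip("."), int(ttl), rtype, rdata,
                            int(ttl) < poll_interval))
    return hits

if __name__ == "__main__":
    for h in scan_cache(CACHE_DUMP, BLOCKLIST):
        flag = " (may expire before next poll)" if h.may_be_missed else ""
        print(f"{h.name} {h.rtype} {h.rdata} ttl={h.ttl}{flag}")
```

Lowering `poll_interval` to match the observed short TTLs clears the flag but raises the query load on the server, which is the trade-off the post mentions.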

Another good idea is to add more sources of malicious domains, check my list.

Great idea with minimum overheads.

