- Researchers found evidence that Joke Screenmate malware is hiding on DNS servers
- Joke Screenmate is a harmless, prank malware
- There are ways to defend against it
Hackers have found a way to hide malware in the domain name system (DNS), where it evades detection and flies under the radar. This is according to security researchers from DomainTools, who in a recent blog post detailed how they discovered the Joke Screenmate malware hiding on DNS servers.
DNS is essentially the internet's address book, translating readable domain names (such as Techradar.com) into the IP addresses computers use to locate services. DNS records come in different types, including TXT records, which are usually used to store descriptive text.
However, as DomainTools explained, cybercriminals found a way to cut malware into small encoded fragments and place them in DNS TXT records under different subdomains. It is essentially a digital puzzle spread over different addresses. On its own, each piece is harmless, but once assembled, the pieces form a malicious file.
Joke Screenmate
Using scripting tools, threat actors query the DNS records and reconstruct the malware without triggering the usual security alarms, and since DNS traffic is typically trusted, it does not raise suspicion.
In their writeup, DomainTools researchers described finding Joke Screenmate, a program that triggers fake system errors and causes erratic cursor behavior. But perhaps more alarmingly, they found a PowerShell stager, a script that can download and execute more destructive malware.
While the attack technique is insidious, there are ways to defend against it. Cybersecurity teams should implement DNS traffic monitoring, looking for unusual patterns and repeated TXT queries. They can also use tools that inspect DNS records beyond simple resolution functions, and should maintain threat intelligence feeds that include malicious domains and subdomains.
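One way to look for the repeated TXT queries mentioned above is to flag any client that requests many distinct TXT names under one parent domain within a short window. This is an added example, not code from DomainTools or the original article; the log format, thresholds, and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, one query per line (assumed format):
# "<epoch_seconds> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
1000 10.0.0.5 A www.example.org
1001 10.0.0.7 TXT 0.frag.example.net
1002 10.0.0.7 TXT 1.frag.example.net
1003 10.0.0.7 TXT 2.frag.example.net
1004 10.0.0.5 TXT example.org
1005 10.0.0.7 TXT 3.frag.example.net
1006 10.0.0.7 TXT 4.frag.example.net
1007 10.0.0.9 TXT _dmarc.example.com
1900 10.0.0.9 TXT selector1._domainkey.example.com
"""

def parent_domain(qname, labels=2):
    """Naive parent: the last `labels` labels. Production code should use the Public Suffix List."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def find_txt_fanout(log_text, min_distinct=5, window=60):
    """Return {(client, parent): names} where a client asked for at least
    `min_distinct` different TXT names under one parent within `window` seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skip malformed lines
        ts, client, qtype, qname = int(fields[0]), fields[1], fields[2].upper(), fields[3]
        if qtype == "TXT":
            events[(client, parent_domain(qname))].append((ts, qname.lower().rstrip(".")))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            names = {name for _, name in hits[start:end + 1]}
            if len(names) >= min_distinct:
                alerts[key] = sorted(names)
                break
    return alerts

if __name__ == "__main__":
    for (client, parent), names in find_txt_fanout(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} distinct TXT names under {parent} -> {names}")
```

Ordinary mail-related lookups such as `_dmarc` and DKIM selectors also use TXT records, so the thresholds need tuning against a baseline of normal traffic.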
So far, there appear to have been very few examples of abuse in the wild, but as the technique seems to be pretty simple to pull off, it would not be too surprising to see it becoming more popular in the coming months.
Via Tom's Hardware



