- Akamai researchers reveal and explain why, in Domain Name System (DNS) traffic data, we observe behavior from dynamically seeded domain generation algorithm (DGA) families that is different from what their reverse engineered algorithm seems to suggest.
- The modified behavior suggests that malicious actors are attempting to further increase the DGA families’ capability to extend the lifespan of their command and control (C2) communication channels, thus protecting their botnets.
- Security researchers find it more complex to predict the future-generated domain names for dynamically seeded DGAs than for statically seeded DGAs.
- A closer look at the Pushdo and Necurs DGA families reveals that they output malicious domains both before and after their expected generation dates.
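
As an added illustration (not Akamai's code, and not the Pushdo or Necurs algorithm), the following Python example shows how a defender can measure the gap between the day a domain is queried and the date seed that generates it. The generator `toy_dga`, the function `seed_offsets`, the `.example` names and the sample log are all constructed assumptions.

```python
import hashlib
from datetime import date, timedelta

def toy_dga(seed_day, count=5):
    """Constructed stand-in for a date-seeded DGA (hypothetical, not a real family)."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed_day.isoformat()}:{i}".encode()).hexdigest()
        # Map 12 hex digits onto the letters a-p to form a hostname label
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        names.append(label + ".example")
    return names

def seed_offsets(observations, window=30):
    """For each (query_day, domain) return (domain, offset_days).
    offset < 0: queried before its expected generation date; offset > 0: after;
    None: no seed date within +/- window days generates the domain."""
    days = [d for d, _ in observations]
    start = min(days) - timedelta(days=window)
    span = (max(days) - min(days)).days + 2 * window
    index = {}  # generated domain -> seed date that produces it
    for n in range(span + 1):
        seed_day = start + timedelta(days=n)
        for name in toy_dga(seed_day):
            index.setdefault(name, seed_day)
    results = []
    for query_day, domain in observations:
        seed_day = index.get(domain)
        offset = (query_day - seed_day).days if seed_day else None
        if offset is not None and abs(offset) > window:
            offset = None
        results.append((domain, offset))
    return results

# Constructed DNS observations: (day the query was seen, queried name)
TODAY = date(2024, 1, 10)
SAMPLE_LOG = [
    (TODAY, toy_dga(TODAY)[0]),                       # on schedule
    (TODAY, toy_dga(TODAY + timedelta(days=7))[1]),   # seed date still in the future
    (TODAY, toy_dga(TODAY - timedelta(days=12))[2]),  # seed date already past
    (TODAY, "intranet.example"),                      # not generated by the toy DGA
]

if __name__ == "__main__":
    for domain, offset in seed_offsets(SAMPLE_LOG):
        print(domain, offset)
```

A detection that only matches the names expected for the current date would miss the second and third entries, which is why the search covers a window of seed dates on both sides of the observation.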