Poster presentation at IMC 2018

November 8, 2018 Olivier van der Toorn

Last week, October the 31st, was IMC, in Boston, USA. IMC is a top Internet
measurements conference. The TIDE-project was there too to promote the malware
in DNS TXT records project. We presented a poster on which we got quite a lot
of interest. People were surprised there were pieces of code in TXT records.
Below you can see the poster we have presented.

The poster shows the rise of TXT records along with what we have classified as
‘other’. This category has grown from 1.69% to 11.03%.

In the yellow row we show examples of code we have found in TXT records. Our
hypothesis is that there is more to be found, just that the ‘attack’ has
obfuscated to code making it hard to find. We have taken it on to ourselfs to
find these obfuscated pieces of code.

The poster can be found here: png | pdf

Note: the pdf is large.

blog

Home

About

Consortium

People

Publications

Posters

Slides

Blog

Recent Posts

ANYway: Measuring the Amplification DDoS Potential of Domains (preprint)

TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records

A Case of Identity: Detection of Suspicious IDN Homograph Domains Using Active DNS Measurements

Looking beyond the horizon: Thoughts on Proactive Detection of Threats

Unicode Homoglyphs