Olivier van der Toorn

Last week, October the 31st, was IMC, in Boston, USA. IMC is a top Internet
measurements conference. The TIDE-project was there too to promote the malware
in DNS TXT records project. We presented a poster, which drew quite a lot
of interest. People were surprised there were pieces of code in TXT records.
Below you can see the poster we presented.

The poster shows the rise of TXT records along with what we have classified as
‘other’. This category has grown from 1.69% to 11.03%.

In the yellow row we show examples of code we have found in TXT records. Our
hypothesis is that there is more to be found, just that the ‘attack’ has
obfuscated the code, making it hard to find. We have taken it upon ourselves to
find these obfuscated pieces of code.

The poster can be found here: png | pdf

Note: the pdf is large.