jm + txt   1

New Spam Campaign Controlled by Attackers via DNS TXT Records
Ah, Google, what were you thinking?
When decoded, this string is an URL to Google's public DNS resolve for a particular domain. For example, the above string decodes to https://dns.google.com/resolve?name=fetch.vxpapub.[omitted].net&type=TXT.

The attachment's script will use this URL to retrieve the associated domain's TXT record.
A TXT record is a DNS entry that can be used to store textual data. This field is typically used for SPF or DMARC records, but could be used to host any type of textual content.

The nice part about using the Google's DNS resolver is that the information will be returned as JSON, which makes it easy for the malicious script to extract the data it needs.


(via Paul Vixie)
txt  dns  google  resolvers  spam  fail  security  via:paulvixie 
14 days ago by jm

Copy this bookmark:



description:


tags: