A joint Microsoft-Symantec team just took down the command and control servers for the Bamital botnet, comprising over eight million clients. While this is a positive development, those eight-million-plus clients are now hunting for new command and control servers using a built-in domain generation algorithm. It’s important that organizations identify infected clients and address the infection before new command and control servers spring up.
One way to identify those clients is with Infoblox’s DNS Firewall. Our Malware Data Feed now includes the domain names that Bamital looks up, so you can easily identify infected clients in your logs and reports.
You can learn more or sign up for a demo on the Infoblox DNS Firewall and the Infoblox Malware Data Feed page.
The Infoblox DNS Firewall keeps clients from becoming infected when they go to a malware website or click on a malicious link. DNS command and control requests from infected clients are not executed, which prevents the botnet from operating. All malware activities are logged and reported so that infected clients can be pinpointed.