No, but you can have it do a TXT lookup and check the response, or something similar. For bonus marks, sign the response using an asymmetric key so that it can't be reverse engineered.
(or any one of a thousand other options that would be far better than a single DNS lookup as this one seemingly did) Scott On Sun, May 14, 2017 at 5:31 PM, Hamish Moffatt <ham...@cloud.net.au> wrote: > On 15/05/17 10:25, Paul Bolger wrote: > >> The next one will have the kill switch encrypted. >> > > I think it was discovered by watching the network traffic from an infected > computer - the investigator would have noticed the DNS lookup requests for > the magic domain. You can't encrypt that. > > > Hamish > > _______________________________________________ > Link mailing list > Link@mailman.anu.edu.au > http://mailman.anu.edu.au/mailman/listinfo/link > _______________________________________________ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link