No, but you can have it do a TXT lookup and check the response, or
something similar.  For bonus marks, sign the response using an asymmetric
key so that it can't be reverse engineered.

(or any one of a thousand other options that would be far better than a
single DNS lookup as this one seemingly did)

  Scott


On Sun, May 14, 2017 at 5:31 PM, Hamish Moffatt <ham...@cloud.net.au> wrote:

> On 15/05/17 10:25, Paul Bolger wrote:
>
>> The next one will have the kill switch encrypted.
>>
>
> I think it was discovered by watching the network traffic from an infected
> computer - the investigator would have noticed the DNS lookup requests for
> the magic domain. You can't encrypt that.
>
>
> Hamish
>
> _______________________________________________
> Link mailing list
> Link@mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
_______________________________________________
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Reply via email to