- DDI RULE 1542
Possible CONFICKER DNS Response
This is the Trend Micro detection for packets passing over the DNS protocol that can be used for Command and Control communication. It also indicates a malware infection. Below are some indicators of an infected host:
Attack Phase: Command and Control Communication
Protocol: DNS
Risk Type: MALWARE
Threat Type: Malicious Behavior
Confidence Level: High
Severity: Low (Outbound) | Low (Inbound)
DDI Default Rule Status: Disable
Event Class: Callback
Event Sub Class: DNS
Behavior Indicator: Callback
APT Related: YES
If scanning fails to detect a malware infection: