What is Domain Shadowing?
When attackers use a server to spread malware, the server's IP address often gets blacklisted, which creates a lot of inconvenience for the attackers. To circumvent that, attackers use techniques like domain shadowing. In domain shadowing, attackers use compromised domain accounts to create many sub-domains, using randomly generated strings for them. These sub-domains do not contain any malware themselves. Instead, they redirect to a landing page that spreads malware.
In this article, we will discuss:
- What is Domain Shadowing?
- How does Domain Shadowing work?
- Why is Domain Shadowing difficult to detect and prevent?
- How is Domain Shadowing different from Fast Flux?
- How to detect and prevent domain shadowing?
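
As a defender's illustration of the pattern described in the introduction (many random-string sub-domains appearing under one legitimate domain), the following added example, which is not part of the original article, scans a DNS log for that signature. The log format, the thresholds, the naive last-two-labels domain split, and the assumption that shadowed sub-domains resolve to IPs the domain's ordinary hosts do not use are all assumptions made for this sketch.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log: (queried name, resolved IP). Not real data.
SAMPLE_LOG = [
    ("www.example-shop.test", "192.0.2.10"),
    ("mail.example-shop.test", "192.0.2.10"),
    ("x7qk2vz9p.example-shop.test", "203.0.113.50"),
    ("b3m8wq1zt.example-shop.test", "203.0.113.50"),
    ("k9fj2hx7c.example-shop.test", "203.0.113.51"),
    ("www.other-site.test", "198.51.100.7"),
    ("blog.other-site.test", "198.51.100.7"),
]

def entropy(label):
    """Shannon entropy in bits per character; random strings score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(fqdn):
    """Naive split into (sub-domain part, registered domain).
    Assumption: the last two labels are the registered domain; a real
    deployment would consult the Public Suffix List instead."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_shadowing_candidates(log, min_entropy=3.0, min_len=8, min_count=3):
    """Return {registered domain: [suspicious FQDNs]} for domains that have
    at least min_count random-looking sub-domains resolving to IPs that the
    domain's ordinary-looking names never use."""
    known_ips = defaultdict(set)   # IPs behind ordinary names (www, mail, ...)
    suspects = defaultdict(set)    # random-looking names per domain
    for fqdn, ip in log:
        sub, domain = split_name(fqdn)
        if sub and len(sub) >= min_len and entropy(sub) >= min_entropy:
            suspects[domain].add((fqdn, ip))
        else:
            known_ips[domain].add(ip)
    result = {}
    for domain, hits in suspects.items():
        # Keep only names pointing away from the domain's usual hosts.
        off_infra = sorted(f for f, ip in hits if ip not in known_ips[domain])
        if len(off_infra) >= min_count:
            result[domain] = off_infra
    return result

if __name__ == "__main__":
    for domain, names in find_shadowing_candidates(SAMPLE_LOG).items():
        print(domain, "->", names)
```

This is a heuristic: long legitimate labels can also score high on entropy, so hits are leads for review rather than verdicts.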