Understanding and protecting against DNS threats with Avast

Luis Corrons 14 Dec 2023

You might not have heard of DNS--but cybercriminals definitely have. Here's how they exploit it to steal your data.

Welcome to the digital age, where the internet is as essential as the air we breathe. But did you know that every time you visit a website, there's a hidden hero working behind the scenes? It's called the Domain Name System (DNS), akin to a phonebook for the internet, translating website names into addresses that computers understand. Think of it as the reason you can easily navigate to your favorite sites without memorizing complex numbers. 

The threat landscape 

The internet, a vast network of connections and information, relies heavily on the Domain Name System (DNS). But in this expanse, there are hidden pitfalls. Cybercriminals have learned to exploit DNS, turning this critical system into a weapon against unsuspecting users. Here’s how they do it, illustrated through a few notorious malware examples: 


Think of ViperSoftX as a crafty pickpocket who uses a fake street sign to lead you into an alley where they can steal your wallet. This malware tricks your computer into connecting with a harmful website by misusing DNS. It's often hidden in software downloaded from less reputable sources, stealing your personal information like cryptocurrency or manipulating your web browser without you noticing. 

DarkGate (MehCrypter/Meh) 

DarkGate is like a deceptive flyer, always trying different tricks. It can disguise itself as a harmless document, tricking you into downloading harmful software. Once inside, it uses DNS to secretly communicate with its masterminds, stealing sensitive information like your passwords or bank details. 


Imagine DirtyMoe as a master of disguises, constantly changing appearance to avoid being caught. This malware rapidly alters its digital 'face' (IP addresses) using DNS, making it hard for security experts to track and stop it. Its harmful activities range from taking over your computer for cryptocurrency mining to launching attacks on other systems. 


Picture Crackonosh as a sneaky mechanic who tampers with your car while pretending to fix it. Hidden within illegal, cracked versions of popular software, it secretly uses your computer to mine cryptocurrency, benefiting the attackers. It cleverly communicates with its control center using DNS, staying hidden from security measures. 

Each of these malware families showcases a different way DNS can be abused, affecting everyday users in various harmful ways. 

Avast’s proactive approach 

At Avast, we’re like the digital guardians, always a step ahead in safeguarding your online journey. Our state-of-the-art technology constantly monitors and blocks these DNS threats, ensuring you’re protected even when you’re not thinking about it. With Avast’s solutions, you can browse, shop, and socialize online with peace of mind. 

So, how can you fortify your digital fort? First, stay informed about the basics of internet safety. Second, let Avast be your shield. If you’re using Avast, make sure you’re on the latest version (23.8 or newer) for optimal DNS protection. Just activate the option “Enable DNS/DoH scanning” as shown in the following screenshot and you are all set!

   MicrosoftTeams-image (21)

 Remember, understanding these threats is half the battle won. For those who want to dive deeper, we’ve detailed these DNS threats in a technical article on our Decoded blog. Curiosity piqued? Give it a read! Meanwhile, keep your digital life secure by updating to the latest Avast version. Happy and safe browsing! 


--> -->