[Add] Malware quickly adopting DoH

Bret Jordan <jordan.ietf@gmail.com> Mon, 09 September 2019 17:21 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Date: Mon, 09 Sep 2019 19:21:47 +0200
Message-Id: <34984ADC-C594-40AC-8540-2DDC6C5ACBC5@gmail.com>
To: add@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/A6ln2MS7j04di__lYXoJdC9shAs>

Just making sure people here have seen this.

https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module

Bret

Sent from my Commodore 128D

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050