DNS-embedded malware technique used to create a hacker-inspired version of the popular Mad Libs word game — built on networking infrastructure to provide a distributed version

[Image: Data wipe with pencil eraser (Image credit: Shutterstock)]

The fun thing about curses is that they propagate. In this case, hackers using the Domain Name System (DNS) to distribute malware inspired Michael "B'ad Samurai" Bunner to create DNS Mad Libs, which uses the same technique as the recently-discovered DNS malware distribution hack to provide a distributed version of the popular word game.

"This project is inspired by previous research on the use of DNS TXT records to store and retrieve data, which can be used for various purposes including malware distribution and command & control," Bunner said in the project's README. "This is typically done by embedding malicious payloads in DNS records, which can then be resolved by compromised systems. In this case we utilize public API endpoints over HTTPS to retrieve the data from a trusted service, obscuring the true source of the data."

A domain name is rarely associated with a particular IP address forever—sometimes it's changed because of a website operator's decision, such as switching to a different host, and sometimes it's simply associated with a dynamic IP address that changes on the whims of an upstream internet service provider. DNS needs to be able to handle either of those cases.

DNS Mad Libs, like the embedded malware example before it, uses the ability to set a long TTL for DNS records to store more information than the system's designers would have expected. That way, it doesn't require a dedicated server to set up a new mad-lib—it just needs a series of DNS records for a domain set up in the way expected by the game's interface.
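The README quoted above describes the defender-relevant part of the technique: data stashed in TXT records and fetched through a public resolver's HTTPS API, with long TTLs keeping it cached. The following script is an added example, not code from the article or from Bunner's DNS Mad Libs project. It parses a DNS-over-HTTPS JSON answer in the shape public resolvers return for a TXT query (the `Answer` array with `type`, `TTL` and quoted `data` fields) and flags TXT records that look like stored data rather than ordinary SPF, DKIM or verification entries. The sample response, the domain names, the placeholder blob and the thresholds (`max_len`, `max_entropy`, `long_ttl`) are all constructed assumptions for illustration.

```python
"""Flag DNS TXT answers that look like stashed data rather than ordinary records.

Input: a DNS-over-HTTPS JSON document in the shape that public resolvers
return for ?name=<zone>&type=TXT. Everything below the functions is a
constructed sample response for this example, not real DNS data.
"""
import base64
import hashlib
import json
import math
import re
from dataclasses import dataclass

TXT_TYPE = 16  # RRTYPE number for TXT

# TXT prefixes that are routine in most zones; skipped rather than scored.
BENIGN_PREFIXES = ("v=spf1", "v=DKIM1", "v=DMARC1",
                   "google-site-verification=", "MS=")

# Base64/base64url alphabet, at least 20 characters long.
BASE64_RE = re.compile(r"^[A-Za-z0-9+/=_-]{20,}$")


@dataclass
class Finding:
    name: str
    ttl: int
    length: int
    entropy: float
    reason: str


def shannon_entropy(s: str) -> float:
    """Bits per character; ~6.0 for base64 of random bytes, low for prose."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def unquote_txt(data: str) -> str:
    """DoH JSON carries TXT rdata as one or more quoted character-strings
    (records over 255 bytes are split). Join them as a client would."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', data)
    return "".join(parts) if parts else data


def txt_answers(doh_json: str):
    """Yield (name, ttl, text) for every TXT record in the Answer section."""
    doc = json.loads(doh_json)
    for rr in doc.get("Answer", []):
        if rr.get("type") == TXT_TYPE:
            yield rr["name"], int(rr["TTL"]), unquote_txt(rr["data"])


def assess_txt(name, ttl, text, max_len=200, max_entropy=4.5, long_ttl=86400):
    """Return a Finding when the record looks like a data stash, else None.
    Thresholds are assumptions; tune them against your own zone inventory."""
    if text.startswith(BENIGN_PREFIXES):
        return None
    reasons = []
    if len(text) > max_len:
        reasons.append(f"length {len(text)} > {max_len}")
    ent = shannon_entropy(text)
    if ent > max_entropy and BASE64_RE.match(text):
        reasons.append(f"base64-like, entropy {ent:.2f}")
    # A long TTL only matters once the content itself is suspicious.
    if reasons and ttl >= long_ttl:
        reasons.append(f"TTL {ttl}s (long-lived)")
    if not reasons:
        return None
    return Finding(name, ttl, len(text), round(ent, 2), "; ".join(reasons))


def scan(doh_json: str):
    """All findings for one DoH answer document."""
    return [f for f in (assess_txt(n, t, x) for n, t, x in txt_answers(doh_json)) if f]


def _placeholder_blob(n_chunks: int = 8) -> str:
    """Constructed stand-in for stored data: base64 of chained SHA-256 digests,
    deterministic and meaningless (8 x 44 chars = 352 chars)."""
    out, seed = [], b"constructed-example-seed"
    for _ in range(n_chunks):
        seed = hashlib.sha256(seed).digest()
        out.append(base64.b64encode(seed).decode())
    return "".join(out)


def _split_255(s: str) -> str:
    """Render text as DoH-style quoted 255-byte character-strings."""
    return " ".join(f'"{s[i:i + 255]}"' for i in range(0, len(s), 255))


# Constructed sample answer in the public-resolver JSON shape (names made up).
SAMPLE_DOH = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": False, "CD": False,
    "Question": [{"name": "example.test.", "type": TXT_TYPE}],
    "Answer": [
        {"name": "example.test.", "type": TXT_TYPE, "TTL": 300,
         "data": '"v=spf1 include:_spf.example.test -all"'},
        {"name": "example.test.", "type": TXT_TYPE, "TTL": 300,
         "data": '"google-site-verification=placeholder-token"'},
        {"name": "payload.example.test.", "type": TXT_TYPE, "TTL": 604800,
         "data": _split_255(_placeholder_blob())},
    ],
})

if __name__ == "__main__":
    for f in scan(SAMPLE_DOH):
        print(f"{f.name} ttl={f.ttl} len={f.length} H={f.entropy}: {f.reason}")
```

Run against a captured resolver response instead of `SAMPLE_DOH` to triage a zone; the two routine records pass on their prefixes, while the 352-character base64 blob with a week-long TTL is reported on all three counts.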


Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • MontyL
    Third paragraph: "My report on the DNS-enabled malware includes a more description...", really? ???

    Then the final line: "It just goes to show you: any sufficiently technology really is from , especially when the is involved." brings into question the reliability and true nature of Nathaniel's work.

    C'mon, TH, get it together...
  • snemarch
    MontyL said:
    C'mon, TH, get it together...
    That was my initial reaction as well, then I visited the site the article links to ;)
  • MontyL
    Seems like a bit of a stretch for humor then. I'm sure I won't be the only one that misses the nod to Mad Libs...