Bleeping Computer

Malware Retrieves PowerShell Scripts from DNS Records

Malware researchers have come across a new Remote Access Trojan (RAT) that uses a novel technique to evade detection on corporate networks by fetching malicious PowerShell commands stored inside a ...
Ars Technica

Hackers exploit a blind spot by hiding malware inside DNS records

Hackers are stashing malware in a place that’s largely out of the reach of most defenses—inside domain name system (DNS) records that map domain names to their corresponding numerical IP addresses.
Ars Technica

windows 2012 r2 dns-server audit log event id 520

Having an issue today. It seems like DNS records for various workstations are disappearing from DNS. On the DNS server, I'm seeing DNS 520 events. It looks like the host itself is sending dynamic ...