zBLD vs. DGA — Detecting Algorithmically Generated Domains
· 2 мин. оқу

Malware and botnets use Domain Generation Algorithms (DGA) to generate hundreds or thousands of short-lived domains for communication with command-and-control infrastructure.
An attack example from real OpenBLD logs:
s-dfgfd-sdfz...zdssragv[.]mom96bccebb2f7e...wu7y6z[.]com60r...60pg0131[.]cc- and billions of similar domains.
Why are DGA domains harmful?
Beyond their malicious purpose, this chaotic DNS traffic pollutes resolver caches, increases CPU and I/O usage, and generates large volumes of low-value logs. At scale, it can cause higher resource consumption and degraded DNS performance.
