Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmNew Spam Campaign Controlled by Attackers via DNS TXT Records2019-06-12T09:24:47+00:00
https://www.bleepingcomputer.com/news/security/new-spam-campaign-controlled-by-attackers-via-dns-txt-records/
jmWhen decoded, this string is an URL to Google's public DNS resolve for a particular domain. For example, the above string decodes to https://dns.google.com/resolve?name=fetch.vxpapub.[omitted].net&type=TXT.
The attachment's script will use this URL to retrieve the associated domain's TXT record.
A TXT record is a DNS entry that can be used to store textual data. This field is typically used for SPF or DMARC records, but could be used to host any type of textual content.
The nice part about using the Google's DNS resolver is that the information will be returned as JSON, which makes it easy for the malicious script to extract the data it needs.
(via Paul Vixie)]]>txt dns google resolvers spam fail security via:paulvixiehttps://pinboard.in/https://pinboard.in/u:jm/b:f1c061c3ee1a/