The Mozart threat is a brand-new piece of malware that has rather interesting features. Unlike most threats of its type, the Mozart malware communicates with its creators’ C&C (Command & Control) server via the DNS protocol.
Most threats similar to the Mozart malware use the HTTP/HTTPS protocol to communicate with their C&C server. Using the DNS protocol tends to limit the functionality of the threat significantly, as it is not capable of collecting as much data from the compromised system. When a threat utilizes the DNS protocol for communication, it remains in ‘active listening mode.’ This means that the Mozart malware will regularly check the C&C server to see if there are new commands waiting to be executed. Because it uses the DNS protocol, the Mozart threat cannot send responses to the attackers' C&C server. However, the upside of using the DNS protocol to communicate with the C&C server is that the activity of the threat will be very quiet. This means that anti-malware applications may never spot the presence of the Mozart malware on the infected host. The Mozart malware's ability to evade anti-virus tools lies in the fact that these tools are far more relaxed when it comes to filtering DNS queries than they are when filtering HTTP/HTTPS queries. This makes the Mozart malware a very stealthy threat that may remain active on a compromised computer for a long time.
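A defender-side illustration of the regular polling described above, as an added example that is not part of the original article: it flags client/domain pairs in a resolver log that are queried at near-constant intervals. The log format, sample lines, function names and thresholds are assumptions constructed for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample resolver log: epoch_seconds client_ip query_name query_type
SAMPLE_LOG = """\
1000 10.0.0.5 updates.example.test TXT
1003 10.0.0.7 www.example.org A
1300 10.0.0.5 updates.example.test TXT
1310 10.0.0.7 mail.example.org A
1601 10.0.0.5 updates.example.test TXT
1650 10.0.0.7 www.example.org A
1899 10.0.0.5 updates.example.test TXT
2200 10.0.0.5 updates.example.test TXT
2210 10.0.0.7 www.example.org A
2500 10.0.0.7 www.example.org A
4000 10.0.0.7 www.example.org A
"""

def parse(log_text):
    """Yield (timestamp, client, qname) from whitespace-separated log lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        try:
            yield float(parts[0]), parts[1], parts[2].lower().rstrip(".")
        except ValueError:
            continue  # timestamp was not numeric

def find_polling(log_text, min_queries=5, max_jitter=0.1):
    """Return [(client, qname, mean_gap_s)] for pairs queried at near-constant intervals."""
    seen = defaultdict(list)
    for ts, client, qname in parse(log_text):
        seen[(client, qname)].append(ts)
    hits = []
    for (client, qname), times in seen.items():
        if len(times) < max(min_queries, 3):
            continue  # too few queries to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:  # low relative jitter
            hits.append((client, qname, round(avg)))
    return sorted(hits)

if __name__ == "__main__":
    for client, qname, interval in find_polling(SAMPLE_LOG):
        print(f"{client} polls {qname} about every {interval}s")
```

Ordinary browsing, such as the second client's irregular lookups in the sample, has enough queries to be evaluated but fails the jitter test, so only the fixed-interval pair is reported.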
Likely Building a Botnet
It is likely that the authors of the Mozart malware are using it to build a botnet. At the moment, the Mozart threat does not appear to get regular commands from the attackers' C&C server. However, that does not mean that it is not a legitimate threat to users worldwide. Botnets consist of hijacked computers that operate in ‘zombie mode,’ oftentimes without the users ever realizing that their systems are part of a botnet. Cyber crooks tend to use botnets to launch DDoS (Distributed Denial-of-Service) attacks and other shady operations. It is essential for threats like the Mozart malware to remain unnoticed for as long as possible to keep the hijacked system as part of the botnet. This is why the authors of the Mozart malware have chosen stealth over functionality.
If you want to protect your system from threats like the Mozart malware, make sure to download and install a genuine anti-virus application that will keep your computer safe.