Verisign researchers: the December 2015 DDoS attack was not targeted at the Internet’s root servers

In December 2015, root server operators announced that, one 30 November and 1 December, several of the Domain Name System’s root servers had been affected by a DDoS attack. New research conducted by Verisign shows that the attack was not actually targeted at the root servers themselves, but at two domains (336901[.]com and 916yy[.]com) that are registered to individuals in China. The attacks could have originated from a botnet pushing the BillGates or WebTools malware, both of which are known to generate DNS attacks. More details here.