Page 1 of 1

[The Register] There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

Posted: Mon Apr 29, 2019 2:30 pm
by parityboy
Weird things are afoot with NordVPN's app and the traffic it generates - Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets' command-and-control servers.

Although NordVPN has told us this is expected behaviour by the app and is intended as a counter-blocking mechanism, the company's explanation has shifted a number of times.

...

Further scratching of heads led to infosec bod Ryan Niemes' personal blog, where he had written about exactly the same odd traffic. Except Niemes had noticed something else too: these domains weren't owned by anybody. So he bought them and spun up an EC2 instance to log what was coming in.
Source