An attack dubbed DNSMessenger was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign. When opened, the file masquerades as a “protected document” secured by McAfee. The script is written in Powershell, a powerful scripting language built into Windows that allows for the automation of system administration tasks. The third stage of the attack contains an additional obfuscated script that establishes a two-way communications channel over the Domain Name System.”]