An anonymous reader writes: Tool could be used to detect activity from botnets such as Conficker, Kraken, and Torpig, which rotate domains in an effort to evade discovery and stay alive. Researchers have devised a new method to root out botnets that try to hide behind alternating domain names. Researchers from Narus Inc. and Texas A&M University, created a method of studying in real-time all DNS traffic for domain-flux activity. The researchers presented their findings this week at the ACM Measurement Conference in Melbourne. Their method basically looks at the pattern and distribution of alphabetic characters in a domain name to determine whether it's malicious or legitimate: This allows them to spot botnets' algorithmically generated (rather than generated by humans) domain names. Bottom line: Given that most domain names are already taken, botnet operators have to go with gibberish-looking names like Conficker does: joftvvtvmx.org, gcvwknnxz.biz, and vddxnvzqjks.ws, which their bots generate.