The firm he works for literally pays him to track size and scale of malware outbreaks. What's the best way to do that? Look for domains the malware attempts to communicate with and register them, pointing them at the firm's sinkhole server. From there the server can generate reports on how many connections it gets and from where.
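The sinkhole-side reporting that comment describes, written out as an added example: this is not code from the post, the firm, or any real sinkhole. It assumes a constructed four-field log format (timestamp, source IP, requested host, path); the log lines, addresses (RFC 5737/3849 documentation ranges) and `.invalid` domains are all made up for illustration. Counting distinct sources rather than raw hits is the point a practitioner cares about: one infected machine beacons many times.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample sinkhole log (not real data): one line per connection the
# sinkhole answered. Fields: UTC timestamp, source IP, requested host, path.
SINKHOLE_LOG = """\
2017-05-12T10:01:02Z 203.0.113.5 example-killswitch.invalid /
2017-05-12T10:01:09Z 203.0.113.5 example-killswitch.invalid /
2017-05-12T10:03:44Z 198.51.100.7 example-killswitch.invalid /
2017-05-12T11:15:00Z 198.51.100.7 example-c2.invalid /gate.php
2017-05-12T11:16:30Z 192.0.2.99 example-c2.invalid /gate.php
2017-05-12T11:20:05Z 2001:db8::1 example-c2.invalid /gate.php
this line is deliberately malformed
"""


def parse_line(line):
    """Return (timestamp, ip_address, host, path) for one log line, or None if
    the line does not have the assumed four fields or fails validation."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, ip, host, path = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return when, addr, host, path


def source_network(addr):
    """Coarse 'where from' bucket without a geo database: /24 for IPv4, /48 for IPv6."""
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network((str(addr), prefix), strict=False))


def build_report(log_text):
    """Aggregate sinkhole hits into an outbreak report.

    Raw hits overstate an outbreak because each infected machine beacons
    repeatedly, so every figure except 'hits' counts distinct source addresses.
    NAT pushes the other way (one address can hide many infected hosts), so
    the distinct-source numbers are lower bounds.
    """
    domains = {}
    all_sources = set()
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        when, addr, host, _path = rec
        d = domains.setdefault(host, {
            "hits": 0,
            "sources": set(),
            "by_hour": defaultdict(set),
            "by_network": defaultdict(set),
        })
        d["hits"] += 1
        d["sources"].add(addr)
        d["by_hour"][when.strftime("%Y-%m-%dT%H:00Z")].add(addr)
        d["by_network"][source_network(addr)].add(addr)
        all_sources.add(addr)

    # Collapse the address sets into counts for the final report.
    summary = {}
    for host, d in domains.items():
        summary[host] = {
            "hits": d["hits"],
            "unique_sources": len(d["sources"]),
            "by_hour": {h: len(s) for h, s in sorted(d["by_hour"].items())},
            "by_network": {n: len(s) for n, s in sorted(d["by_network"].items())},
        }
    return {"domains": summary, "unique_sources": len(all_sources), "skipped_lines": skipped}


if __name__ == "__main__":
    import json
    print(json.dumps(build_report(SINKHOLE_LOG), indent=2))
```

Run it as-is to see the per-domain, per-hour and per-network breakdown of the constructed log. A real deployment would replace `source_network` with a geo/ASN lookup and feed the sinkhole's actual access log instead of the embedded string.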
He did what he would have done to any malware once he found an unregistered domain: he registered it. He didn't realise the malware was using that domain as a killswitch.
I'm the author of the post, I'll look at adding a short intro to r2 when I get home from work tonight. Thanks for the feedback :). I (wrongly) assumed that anyone reading the article would be aware of r2.
Hey, I'm the author of the post (just found out someone linked it here). I've fixed the link to radare2.org now. Can't believe I hadn't noticed that, to be honest.
When I get home from work tonight I will add a short intro to r2, cheers for the feedback.