In this paper we will first provide an overview of what fast-flux service networks are, how they operate, and how the
criminal community is leveraging them, including two types which we have designated as single-flux and double-flux
service networks. We then provide several examples of fast-flux service networks recently observed in the wild.
Next we detail how fast-flux service network malware operates and present the results of research where a honeypot
was purposely infected with a fast-flux agent. Finally we cover how to detect, identify, and mitigate fast-flux service
networks, primarily in large networking environments. At the end we supply five appendixes providing additional
information for those interested in digging into more technical detail.