Matt Weinberg and Duane Wessels are scheduled to deliver a talk at DNS-OARC 24 in Buenos Aires where they will present their review of the malicious UDP traffic absorbed by the A- and J-Root servers under VeriSign’s control. In their slides, Weinberg and Wessels identify two domains, 336901[.]com and 916yy[.]com, as the real targets with attacks peaking near five million queries per second for each domain on the A and J root servers. Both domains are registered to individuals in China, according to Whois data. The researchers also speculate that the attacks could have originated from a botnet pushing the BillGates or WebTools malware, both of which are known to generate DNS attacks.