This document discusses domain generation algorithms (DGAs) used by malware to establish command and control connections with botnets. It covers DGA characteristics and detection techniques like reverse engineering, Zipf's law analysis of domain bigram frequencies, maximum consonant sequence length, and hierarchical clustering of DNS query logs. Detection accuracy of 91% is reported using these techniques. The document also discusses countermeasures like sinkholing and using DNS response policy zones (RPZ) to block malicious domain resolutions.