Umm...
It appears possible that up to 40% of tested networks have had some DNS tunneling. However... it's a stretch to say that this is, of itself, evidence of malware activity. It may well be merely that someone on the inside of the network wants access outside without the network admins knowing. There are many reasons why someone might want to do that, ranging from 'I want to collect personal email without letting company snoopers know' to 'I want some porn while at work'. Other possible, non-malware, reasons are left as an exercise for the student.
I don't do DNS tunneling. When I don't want the corporate net to know what I'm doing, I connect using the hotspot built into my iPad, over the cell phone net (T-Mobile, in this case) and don't go near the corp net. They have no idea what I'm doing as it never touches their network. Certain elements have been known to squeal that this is a security problem. I have been known to ignore them. I am, for example, connected via the hotspot right now; el Reg has been designated a hacker website and blocked on the corp net. (As to why I'm at the office at 05:46, that's a whole other story.) (Yes, really. El Reg is a hacker site. So is CNET. I'm not making this up. We got idiots in certain parts of higher-higher.)