Hackers control bot client over P2P | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Search Engine Link Spam
Risks, Threats, Solution
The Perfect (Virtual) Marriage
Deduplication and VMware
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security » Anti-Virus »

Hackers control bot client over P2P

Nugache

By John Leyden → More by this author

Published Tuesday 2nd May 2006 14:38 GMT

Gartner Report: How IT Management Can "Green" the Data Center - Free Download

Security watchers are warning of a new worm that's propagating over instant messenger networks run by both AOL and MSN. Nugache-A is also spreading (albeit modestly) as an infected email that uses a variety of well-known Windows exploits to infect vulnerable Windows PCs.

If successful, the worm opens a back door that leaves compromised PCs as zombies under the control of hackers. The command and control channel technique used by the worm is unusual. Instead of a static list, the worm connects to infected peers, web security firm Websense reports. The SANS Institute's Internet Storm Centre (ISC) adds that the bots talk to each other via port 8/TCP over an encrypted P2P channel.

"A peer-to-peer command and control channel makes it more difficult to block commands issued to the bot. The traffic over this channel also uses obfuscation in an attempt to bypass intrusion detection systems," Websense reports. Additional information on the worm, and how to guard against attack, can be found in ISC's advisory here. ®

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

µTorrent silently fixes long-standing zero-day vuln (14 August 2008)
Polyglot worm spreads over MSN (23 January 2008)
Adware poses as ActiveX control (17 April 2007)
VXers target online video (1 November 2006)
SpamThru Trojan bundles own virus scanner (23 October 2006)
Botnet creators AIM high (21 September 2006)
Botnet herder jailed over hospital attack (29 August 2006)
Mocbot worm fuels zombie surge (23 August 2006)
Phishing Trojan plays ping-pong with captured data (8 August 2006)
Spam zombies give UK ISPs the fear (5 July 2006)
MS clean-up stats shed light on malware infections (13 June 2006)
Spyware dominates malware production efforts (12 June 2006)
IM worm installs rogue browser (22 May 2006)
Japanese power plant secrets leaked by virus (17 May 2006)
Botnet master jailed for five years (9 May 2006)
Zombies attack Seattle hospital (5 May 2006)
Bot software looks to improve peerage (4 May 2006)
SDBot raises IM security concerns (2 November 2005)
AOL IM worm roots around Windows PCs (31 October 2005)
Polyglot IM worm targets MSN (25 August 2005)
IM worm hits Reuters (15 April 2005)
Download.Ject-style worm spreads via IM (20 August 2004)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

whitepaper title

Enforce Your Email and Web Acceptable Usage Policies

Unmanaged employee use of email and the web can subject any organization to costly risks. Learn how clearly written Email and Web Acceptable Usage Policies (AUPs) can protect your business.

Whitepapers	Jobs
The Botnet Threat Software Smart Cards via Cryptographic Camouflage The Impact of Software-As-A-Service (Saas) Getting The Package Right	Trading Floor Support Business-minded Perl Hacker for Fast-Growing Biotech Company Sr Perl Developer (Team Lead) Experienced Lead Perl developer for SF startup Perl/Linux Programmer for Telecom ASP

Top 20 stories • All The Week’s Headlines • Archive • Search