EmailSafety.net - Nugache worm kicking up a Storm

Nugache worm kicking up a Storm

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Community

RE: Five data leak nightmares

Microsoft - Time to Step Up With Web Apps for Small Business

More signs of deadwood from Cisco new hire Padmasree Warrior

All security forums

Story tools

Sponsored by:

E-Mail article
Print article
Contact author	Reprint
AIM article	del.icio.us
Reddit	Digg
Stumble	Slashdot It!

Nugache was first sighted about two years ago as a worm designed to work with chat protocols, says Paul Henry, vice president of technology evangelism at Secure Computing. As such, it did not propagate virulently. But last month, hackers believed to be tied to the notorious Russian Business Network online criminal mob gave Nugache a facelift, copying many of the successful attributes of Storm, such as encryption, a rootkit and the ability to spread as Web-borne malware.

Read the latest WhitePaper - Best Practices in Lifecycle Management: Comparing KACE(tm), Altiris, LANDesk, and Microsoft SMS

“It’s following the Storm worm,” Henry says. “Nugache now includes the ability to encrypt itself and every version that rolls out is generated a bit differently to obfuscate detection.”

Nugache is now also peer-to-peer controlled to put it under a more decentralized command-and-control structure that makes it difficult to take down the botnet it can construct once it infects desktop machines.

Botnets can be used to send spam messages through compromised machines, among other criminal purposes. The rise of the Nugache botnet appears to already be giving the Storm botnet more competition.

“It’s creating a bargain basement for spam,” Henry says. Prices as low as 1 million spam messages for $100 are being advertised online mainly because of the rise of Nugache, he says.

Business and consumers should be aware that Nugache could attempt to compromise their desktop machines in various ways, particularly through Web-based drive-by downloads. One way it has been seen spreading is through URLs embedded by attackers in blogs.

“It’s not the owner of the blogs doing this,” Henry says. “There’s a program called Xrunner from the black-hat crowd that automates the insertion of URLS for Web-based malware sites for drive-by hacking.” Often, the old “fake video-codec” scam accompanies this ruse by trying to trick users who want to view video segments into downloading the Nugache malware.
Bigtime hacker groups such as the Russian Business network have grown adept into manipulating the Google ratings system to raise their profile in the search-engine display, Henry says.

1 | 2 | Next >

Recent News:

· McColo takedown: Vigilantism or Neighborhood Watch?
· Spam drop could boost Trojan attacks
· Hosting firm shutdown forces botnets to relocate
· ISP cut off from Internet after security concerns
· Spam plummets after hosting service shuttered

Site Map | Recent News | Related Sites

Other stories on this topic

Community

Story tools

Sponsored by: