The botnet uses encryption and randomised communication patterns to thwart signature-based defences.
According to Eric Krieger, country manager ANZ at Secure Computing, Nugache uses peer-to-peer communications without any command-and-control server. This removes the normally detectable traffic between individual bots and a central command-and-control server, and at the same time gives the botnet a new level of resiliency.
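The two points above (encrypted, randomised traffic defeating byte signatures, and peer-to-peer operation removing the single command-and-control endpoint) as an added Python example that is not from the article or from Secure Computing. The sample payloads, the hypothetical `BOT_CMD:` signatures, the toy SHA-256 keystream cipher, the fixed key and the flow records are all constructed for illustration and say nothing about Nugache's real protocol; the thresholds are starting values an analyst would tune.

```python
import hashlib
import math
from collections import Counter

# Constructed sample traffic. A classic bot might send its commands in clear
# text, which a byte-signature engine can match. The signatures are hypothetical
# and chosen only to match this constructed sample.
PLAINTEXT_SAMPLE = b"BOT_CMD:SPAM target=mail.example.invalid rate=50\n" * 80
SIGNATURES = [b"BOT_CMD:", b"SPAM target="]

# Fixed key so the example is reproducible; a real bot would negotiate keys.
KEY = b"example-session-key"


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (illustration, not a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR the data with the keystream; calling it again on the output decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# The same command stream after the bot encrypts it: no fixed bytes remain.
ENCRYPTED_SAMPLE = toy_encrypt(PLAINTEXT_SAMPLE, KEY)


def signature_hits(payload: bytes, signatures) -> list:
    """Signature-based detection: return every signature found in the payload."""
    return [s for s in signatures if s in payload]


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def distinct_peers(flows) -> int:
    """Count the distinct (ip, port) endpoints one host talked to.

    A bot with a single command-and-control server converges on one endpoint;
    a peer-to-peer bot fans out to many, so there is no single server to block.
    """
    return len({(ip, port) for ip, port in flows})


def classify(payload: bytes, flows, entropy_threshold=7.0, peer_threshold=20) -> dict:
    """Combine a signature check with two behavioural checks into one verdict."""
    hits = signature_hits(payload, SIGNATURES)
    ent = shannon_entropy(payload)
    peers = distinct_peers(flows)
    return {
        "signature_match": bool(hits),
        "high_entropy": ent >= entropy_threshold,
        "p2p_fanout": peers >= peer_threshold,
        "entropy_bits": round(ent, 2),
        "peers": peers,
    }


# Constructed flow records using documentation address ranges: host A keeps
# returning to one server, host B talks to forty different peers.
C2_FLOWS = [("203.0.113.10", 6667)] * 40
P2P_FLOWS = [(f"198.51.100.{i}", 20000) for i in range(1, 41)]

if __name__ == "__main__":
    print("classic bot :", classify(PLAINTEXT_SAMPLE, C2_FLOWS))
    print("p2p/encrypt :", classify(ENCRYPTED_SAMPLE, P2P_FLOWS))
```

Run stand-alone, the clear-text sample trips both signatures and shows low entropy with a single peer, while the encrypted sample matches no signature at all and is only caught by the entropy and fan-out checks. Those behavioural checks are deliberately coarse: high-entropy payloads also describe legitimate TLS, and wide fan-out also describes BitTorrent, so in practice they are triage signals to combine with host telemetry rather than a replacement signature.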
“Although we aren’t quite sure of the source of this botnet, you could probably name any of the usual suspects, which range from Ukraine to China or even Russia. It has the ability to disable security software on the infected host or PC. Without proactive technology, the botnet won’t be detectable in a couple of months,” said Krieger.
Paul Henry, vice president of Technology Evangelism at Secure Computing, said that in 2007 Storm represented one of the biggest threats on the Internet. As 2008 begins, Nugache boasts the very same technical traits that allowed Storm to grow so rapidly and regularly evade popular defences.
“People need to realise that it took nearly two years for Storm to evolve to reach its current capabilities. With Nugache having adopted the clever technologies used by Storm, it is now poised to quickly become as big a threat, if not bigger,” he said. “One of the many reasons I believe Nugache will perhaps grow bigger is the business aspect: the undercutting of spam-sending prices that has appeared since Nugache bot herders began offering spam services back in early December. Those organisations that employ the services of botnets to send their spam now have a cheaper alternative in Nugache.”
Henry said that with the popular defensive technologies currently deployed according to the CIO and CSI eCrime reports (signature-based defences, category-based URL filters and negative-security-model gateway products), Storm and now Nugache will simply be unstoppable in 2008.
In November 2007 Secure Computing reorganised its distribution model and cut back its tier one distributors from nine to five.
Secure Computing warns resellers of a new botnet
By Lilia Guan on Jan 8, 2008 1:37PM