Nugache: The Shape of Things to Come in P2P Land

|

As detailed over at Shadowserver.org, this is a particuarly new and nasty beast. Called "Nugache", it has email capabilities, attacks various vulnerabilities and has crazy leet FTP skills. The FTP powers are lying dormant for the moment, however this will surely change when the all singing and dancing Nugache Mark 2 hits the streets.

Currently, the theory goes that (while spreading via P2P), if the IRC-based Command & Control center is shut down, some nifty P2P coding will "reclaim" the potentially lost bots and start the whole thing up again at a later date. Sounds like there's some messed up coding in this thing at present, so it shouldn't hit too hard for the moment. Just be extra careful in P2P land, because at some point this thing is going to bite down hard.

Good news is, we've detected this thing since early January and enterprise customers are safe. Home users will have to remain vigilant for the time being - but then, if you're using P2P you should be anyway...

About this Entry

This page contains a single entry by Christopher Boyd published on April 30, 2006 10:32 AM.

Deception, Deceit and Dollars- Spotting Red Flags was the previous entry in this blog.

YAPBrowser- Questions & E-mail Interview is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.