Christopher Boyd: April 2006 Archives

As detailed over at Shadowserver.org, this is a particularly new and nasty beast. Called "Nugache", it has email capabilities, attacks various vulnerabilities and has crazy leet FTP skills. The FTP powers are lying dormant for the moment; however, this will surely change when the all singing and dancing Nugache Mark 2 hits the streets.

Currently, the theory goes that (while spreading via P2P), if the IRC-based Command & Control center is shut down, some nifty P2P coding will "reclaim" the potentially lost bots and start the whole thing up again at a later date. Sounds like there's some messed up coding in this thing at present, so it shouldn't hit too hard for the moment. Just be extra careful in P2P land, because at some point this thing is going to bite down hard.

Good news is, we've detected this thing since early January and enterprise customers are safe. Home users will have to remain vigilant for the time being - but then, if you're using P2P you should be anyway...

This one has crept across the security pros and analysis can now be found here and here.

For those not in the know, Yapbrowser is a browser "search tool" - unfortunately, none of the paid-for links work (returning a blank page) and anything entered into the browser redirects to...illegal pornography. What makes this even more interesting is that you need to install Zango (from 180 Solutions) to run the application.

The response, or perhaps lack of one, from 180 should be interesting, to say the least...I wonder how it will differ from the interview Wayne Porter did with them a year ago.

They said...


First, 180solutions cares a tremendous amount about what users think about our software from how it is distributed to how it works on a user's machine. As our company has grown, our company has and will continue to invest heavily in user-focused initiatives. Going forward, through the use of additional staff and innovative technology, we will dramatically increase control over how our partners operate. We understand and accept the responsibility to monitor and police our partners.

Historically, 180solutions has not installed software; we relied on a network of partners to distribute our applications. Over the last year, 180solutions has placed greater emphasis on managing distribution partners as well as moving to maintain more control over how our software is installed on users' machines. In response to public and our own concerns, we carefully monitor our channels for conduct we find inappropriate. 180solutions has a stringent distributor code of conduct in place and frequently audits distribution partners.

Reference:

Porter's Preface to 180 Solutions Response & Some Software Philosophy.

Official Response from 180solutions to Porter's Questions

About this Archive

This page is an archive of recent entries written by Christopher Boyd in April 2006.
