Nugache the latest in bot-net technology… and why you should care about botnets…



To show you where the threat from bot networks is going, there's a story today on Nugache (Symantec summary), a bot that uses a number of clever tricks to avoid having the whole botnet shut down, runs command and control over an encrypted channel, and has essentially no "human readable strings" in any of its communications. The encryption of its connections makes it harder for an IDS to catch it (since IDS relies on signatures of the traffic).


It's kind of interesting that this "newer, better" bot is making news on the same day that Blue Security's demise is announced (they were essentially finished off by spammers with a botnet of their own). What's really disturbing about the current state of botnet technology is that it's fairly easy to see how it could be refined and improved to be EVEN more effective: more distributed, and harder to shut down without tracking down EVERY LAST INFESTED machine. Unfortunately, in this arms race the bad guys seem to have the lead.

Of course, that's been the way since the first computer viruses started spreading. Release it, and only then is there a signature to detect it. When viruses were moving from computer to computer on floppy disks they didn't exactly spread overnight, but once email became the primary way to distribute viruses, the antivirus companies had to be more on their toes. Updates had to come quickly, but there's still the lag. AND so many people let their antivirus lapse if it came with the PC, or never install it if it didn't come with the PC. It's frustrating to see so many people who think, "I don't keep anything important on my computer, so it doesn't matter to me if I get a virus." I suspect that's one reason botnets have grown so powerful and plentiful that they can force a company off the web. When you can get control of thousands of zombie PCs to do your bidding for maybe a thousand dollars (or less), you have the equivalent of an army ready to send junk mail, serve up illegal content (child pornography, pirated software), hold websites hostage for money, or just "run them out of town."

Yes, somebody should do something, but then we don't want the net regulated. That means that WE have to stand up and do something; the netizens have to do more. There are a number of things that ISPs could do that aren't being done across the board and that could help (NOT just providing free antivirus). It is a balancing act, though, between security and convenience. There are things that EVERY computer user can do: check that they've got operating system updates, and make sure their antivirus works and is updating. For that matter, they should be aware of what's "normal" for their PC to be running, and if something new happens, FIND OUT WHY.

With the loss of Blue Security, I'm afraid the spammers of the world are going to be emboldened and redouble their efforts to sell Viagra and who knows what else to every human being on the planet with an email account. For that matter, I'm sure EVERYONE in the "rent a botnet" part of the internet has taken notice that they've won a major fight against white-hat vigilantes.

By the way, here's a good, detailed step-by-step account of what led up to Blue Security's demise. And the reality is that the attacks that brought Blue Security down are still going on, but now aimed at companies that became associated with them in this whole deal. Blue Security had a message posted on their site about shutting down, but that hasn't stopped the attacks. Their site is out at the moment. Prolexic is a company they enlisted in recent weeks to help them survive the DDoS attacks; Prolexic specializes in defending against that type of attack. However, it looks like the botnet has now targeted UltraDNS, which is Prolexic's DNS provider. They've been hit with a "reflective DoS" attack (or DNS amplification attack). Essentially, improperly configured DNS servers are used to bounce spoofed requests at the target; it is then hard for the target to filter out legitimate traffic, and as the attack escalates (more bots spreading the requests across more poorly configured DNS servers...) the target chokes on the load.
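The reflection attack described above has a signature from the victim's side: DNS answers arriving for queries the host never sent, at byte ratios far above normal resolution traffic. The following is an added example (not code from the original post or from Prolexic or UltraDNS) that flags those symptoms in a constructed, simplified edge flow log; the log format, the addresses and the matching on (resolver, transaction id) alone are all assumptions for illustration.

```python
"""Victim-side detection of a DNS reflection/amplification flood.

Constructed sample log (one record per UDP packet at the network edge):
direction, source IP, destination IP, DNS transaction id, payload bytes.
The protected host 10.0.0.5 sends two normal queries to its resolver
198.51.100.1 and gets two answers; "open resolvers" in 192.0.2.0/24 then
bombard it with large answers for queries it never issued.
"""
from collections import defaultdict

SAMPLE_LOG = """\
out 10.0.0.5 198.51.100.1 0x1a2b 48
in 198.51.100.1 10.0.0.5 0x1a2b 112
out 10.0.0.5 198.51.100.1 0x1a2c 52
in 198.51.100.1 10.0.0.5 0x1a2c 130
in 192.0.2.10 10.0.0.5 0x0001 3980
in 192.0.2.11 10.0.0.5 0x0002 4010
in 192.0.2.10 10.0.0.5 0x0003 3975
in 192.0.2.12 10.0.0.5 0x0004 3990
"""


def parse_log(text):
    """Parse the constructed log into (direction, src, dst, txid, size)."""
    records = []
    for line in text.splitlines():
        direction, src, dst, txid, size = line.split()
        records.append((direction, src, dst, int(txid, 16), int(size)))
    return records


def find_unsolicited_responses(records):
    """Return {reflector_ip: (count, total_bytes)} for inbound answers that
    match no outstanding (resolver, transaction id) query from our host.
    Real DNS matching also checks the question section; simplified here."""
    outstanding = set()
    unsolicited = defaultdict(lambda: [0, 0])
    for direction, src, dst, txid, size in records:
        if direction == "out":
            outstanding.add((dst, txid))       # our own query, remember it
        elif (src, txid) in outstanding:
            outstanding.discard((src, txid))   # legitimate answer
        else:                                  # answer we never asked for
            unsolicited[src][0] += 1
            unsolicited[src][1] += size
    return {ip: tuple(v) for ip, v in unsolicited.items()}


def amplification_ratio(records):
    """Inbound bytes divided by outbound bytes. Normal resolution stays in
    the low single digits; a reflected flood pushes it far higher."""
    sent = sum(r[4] for r in records if r[0] == "out")
    received = sum(r[4] for r in records if r[0] == "in")
    return received / sent if sent else float("inf")
```

On the constructed sample the three 192.0.2.x reflectors are reported with no legitimate answers among them, and the inbound/outbound byte ratio is over 160, which is the kind of threshold an edge filter can act on.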

You may recall the attack that took down Akamai-hosted services around 2004 (several big-name sites were offline for a few hours in that attack). It was big news at the time. That was a similar reflector attack. What's most disturbing is that the attack was not stopped by Akamai, but by the attackers themselves. In other words, you now know why you should care about botnets and their herders: they have the power to snuff a site off the net.

Make sure your PCs are clean of "bugs" and help your friends do likewise. Spread the word; we need a "worldwide clean your computer with antivirus and antispyware day" or something like it. (Kind of like the installfests Linux User Groups hold, only an uninstallfest.)


One Response to “Nugache the latest in bot-net technology… and why you should care about botnets…”

  1. Computer security day.... -- Avery J. Parker - Web site hosting and computer service says:

    [...] A few days ago – while musing about the botnet take-down of Blue Security – I said something along the lines of “Make sure your pc’s are clean from “bugs” and help your friends do likewise. Spread the word, we need a “worldwide clean your computer with antivirus and antispyware day” or something like it. (Kind of like the installfests, Linux User groups have only an uninstallfest.)” Anyway, it looks as though Switzerland does something like this… According to incidents.org it’s called Swiss Security day. [...]
