Nugache the latest in bot-net technology… and why you should care about botnets…



To show you where the threat with bot networks is going, there’s a story today on Nugache (Symantec summary), a bot that takes advantage of a number of clever tricks to avoid having the whole botnet shut down, allows command and control over an encrypted channel, and essentially has no “human readable strings” in any of its communications. The encryption of its connections makes it harder for an IDS to catch it (as they rely on signatures of traffic).


It’s kind of interesting that this “newer, better” bot is making news on the same day that Blue Security’s demise is announced (they were essentially finished off by spammers with a botnet of their own). What’s really disturbing about the current state of botnet technology is that it’s fairly easy to see how it could be refined and improved to be EVEN more effective at being distributed, and harder to shut down without tracking down EVERY LAST INFESTED machine. Unfortunately, in this arms race the bad guys seem to have a lead.

Of course, that’s been the way since the first computer viruses started spreading. Release it and then there’s a signature to detect it. Of course, when viruses were moving from computer to computer on floppy discs they didn’t exactly spread overnight, but when email became the primary way to distribute viruses, the antivirus companies had to be more on their toes. Updates had to come quickly, but there’s still the lag. AND so many let their antivirus lapse if it came with the PC, or never install it if it didn’t come with the PC. It’s frustrating to see so many people that think, “I don’t keep anything important on my computer, so it doesn’t matter to me if I get a virus.” I suspect that’s one reason that botnets have grown to be so powerful and plentiful as to be able to force a company off the web. When you can get control of thousands of zombie PCs to do your bidding for maybe a thousand dollars (or less) you have the equivalent of an army ready to either send junk mail, serve up illegal content (child pornography/pirated software), hold websites hostage for money, or just “run them out of town.”

Yes, somebody should do something, but then we don’t want the net regulated. That means that WE have to stand up and do something; the netizens have to do more. There are a number of things that ISPs could do that aren’t being done across the board that could help (NOT just providing free antivirus). It is a balancing act, though, between security and convenience. There are things that EVERY computer user can do. (Check that they’ve got operating system updates and make sure their antivirus works and is updating.) For that matter, they should be aware of what’s “normal” for their PC to be running, and if something new happens, FIND OUT WHY.

With the loss of Blue Security I’m afraid that the spammers of the world are going to be emboldened and redouble their efforts to sell viagra and who knows what else to every human being on the planet with an email account. For that matter, I’m sure EVERYONE in the “rent a botnet” part of the internet has taken notice that they’ve won a major fight against white-hat vigilantes.

By the way, here’s a good detailed step-by-step of what led up to Blue Security’s demise. And the reality is the attacks that brought Blue Security down are still going on, but now aimed at companies that became associated with them in this whole deal. Blue Security had a message posted on their site about their shutting down, but that hasn’t stopped the attacks. Their site is out at the moment. Prolexic is a company they enlisted in recent weeks to help them survive the DDoS attacks; Prolexic specializes in defending against that type of attack. However, it looks like the botnet has now targeted UltraDNS, which is Prolexic’s DNS provider. They’ve been targeted with a “reflective DoS” attack (or DNS amplification attack). Essentially, improperly configured DNS servers are used to answer requests spoofed to look like they came from the target. It’s hard then for the target to filter legitimate traffic, and as the attack escalates (more bots spreading the requests across more poorly configured DNS servers…) the target chokes on the load.
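As an added illustration (not from the original post), here is a small Python detector run over constructed flow records that shows what a reflector attack looks like from the target’s side: DNS responses arriving from many distinct resolvers that the protected hosts never queried. The flow record format, the documentation-range addresses, and the thresholds are assumptions for the example.

```python
import ipaddress
from collections import defaultdict

# Address block we are defending (constructed, documentation range).
PROTECTED = ipaddress.ip_network("203.0.113.0/24")

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
# A real feed would come from NetFlow/sFlow export or a pcap summary.
SAMPLE_FLOWS = [
    # Legitimate: our host asks its resolver and gets a small answer back.
    ("203.0.113.10", 40001, "198.51.100.53", 53, 60),
    ("198.51.100.53", 53, "203.0.113.10", 40001, 120),
    # One stray late answer to .10 from a resolver it did not ask: noise,
    # not an attack, because it comes from a single source.
    ("198.51.100.99", 53, "203.0.113.10", 40001, 150),
] + [
    # Reflection: eight open resolvers answer 203.0.113.20, which never
    # asked anything. The bots spoofed .20 as the query source.
    (f"192.0.2.{i}", 53, "203.0.113.20", 80, 3000) for i in range(1, 9)
]


def score_reflection(flows, protected=PROTECTED, min_reflectors=5, min_bytes=10000):
    """Return {victim_ip: {"reflectors": n, "bytes": b}} for protected hosts
    that receive unsolicited port-53 replies from many distinct sources."""
    # Pairs (our_host, resolver) for which we actually saw an outbound query.
    asked = set()
    for src, _sport, dst, dport, _nbytes in flows:
        if dport == 53 and ipaddress.ip_address(src) in protected:
            asked.add((src, dst))

    # Unsolicited DNS replies grouped by the protected destination.
    inbound = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for src, sport, dst, _dport, nbytes in flows:
        if sport != 53 or ipaddress.ip_address(dst) not in protected:
            continue
        if (dst, src) in asked:
            continue  # a reply to a query we saw; not reflection
        inbound[dst]["reflectors"].add(src)
        inbound[dst]["bytes"] += nbytes

    # Flag only when both the source spread and the volume are suspicious.
    return {
        ip: {"reflectors": len(rec["reflectors"]), "bytes": rec["bytes"]}
        for ip, rec in inbound.items()
        if len(rec["reflectors"]) >= min_reflectors and rec["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for victim, report in score_reflection(SAMPLE_FLOWS).items():
        print(f"{victim}: {report['reflectors']} reflectors, {report['bytes']} bytes")
```

The same two signals (reply with no matching query, many distinct reflectors) are what an upstream filter can act on, since the spoofed queries themselves never pass the target.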

You may recall the attack that took down Akamai-hosted services around 2004 (several big-name sites were offline for a few hours in that attack). It was big news at the time. That was a similar reflector attack. What’s most disturbing is that the attack was not stopped by Akamai, but by the attackers. In other words, you now know why you should care about botnets and their herders… they have the power to snuff a site off the net.

Make sure your PCs are clean from “bugs” and help your friends do likewise. Spread the word; we need a “worldwide clean your computer with antivirus and antispyware day” or something like it. (Kind of like the installfests Linux user groups hold, only an uninstallfest.)


One Response to “Nugache the latest in bot-net technology… and why you should care about botnets…”

  1. Computer security day…. -- Avery J. Parker - Web site hosting and computer service Says:

    [...] A few days ago – while musing about the botnet take-down of Blue Security – I said something along the lines of “Make sure your pc’s are clean from “bugs” and help your friends do likewise. Spread the word, we need a “worldwide clean your computer with antivirus and antispyware day” or something like it. (Kind of like the installfests, Linux User groups have only an uninstallfest.)” Anyway, it looks as though Switzerland does something like this… According to incidents.org it’s called Swiss Security day. [...]

