The botnet uses encryption and random communications to thwart the efforts of signature-based defences.
According to Eric Krieger, country manager, ANZ at Secure Computing, Nugache utilises peer-to-peer communications without any command-and-control server.
This capability makes the normally detectable communications between the individual bots and their command-and-control server undetectable and at the same time also provides a new level of resiliency for the botnet.
“Although we aren’t quite sure of the source of this botnet, you could probably name any of the usual suspects, which ranges from Ukraine, China or even Russia. It has the ability to disable security software on the infected host or PC. Without proactive technology, the botnet won’t be able to detect, a couple of months,” Krieger said.
According to Paul Henry, vice president of Technology Evangelism at Secure Computing, in 2007 Storm represented one of the biggest threats on the Internet. As 2008 begins, Nugache boasts the very same technical aspects that allowed Storm to grow so rapidly and regularly evade popular defenses.
“People need to realise that it took nearly two years for Storm to evolve to reach its current capabilities. With Nugache having adopted the clever technologies used by Storm, it is now poised to quickly become as big if not bigger of a threat,” he said.
“One of the many reasons I believe Nugache will perhaps grow bigger is in the business aspect of their undercutting spam-sending prices that have appeared since Nugache bot herders began offering spam services back in early December. Those organisations that employ the services of botnets to send their spam now have a cheaper alternative in Nugache.”
New botnet set to unseat Storm as the nastiest around
By Lilia Guan on Jan 8, 2008 1:51PM