Hackers control bot client over P2P
Print storyNugache
Posted in Anti-Virus, 2nd May 2006 14:38 GMT
VMware whitepaper - The business case for Virtualization
Security watchers are warning of a new worm that's propagating over instant messenger networks run by both AOL and MSN. Nugache-A is also spreading (albeit modestly) as an infected email that uses a variety of well-known Windows exploits to infect vulnerable Windows PCs.
If successful, the worm opens a back door that leaves compromised PCs as zombies under the control of hackers. The command and control channel technique used by the worm is unusual. Instead of a static list, the worm connects to infected peers, web security firm Websense reports. The SANS Institute's Internet Storm Centre (ISC) adds that the bots talk to each other via port 8/TCP over an encrypted P2P channel.
"A peer-to-peer command and control channel makes it more difficult to block commands issued to the bot. The traffic over this channel also uses obfuscation in an attempt to bypass intrusion detection systems," Websense reports. Additional information on the worm, and how to guard against attack, can be found in ISC's advisory here. ®
An improved architecture for high-efficiency, high-density data centers
Implementing energy efficient data centers
LDAP Injection
The Register Guide to Extended Validation
Spam Spikes: A Real Risk to Your Business
Scareware mongers hitch free ride on Microsoft.com and others
Home Office death list 'stops ID fraud'
American Express bitten by XSS bugs (again)
Electronic votes mysteriously vanish in Ohio election