BOOKMARK THIS ALERT

  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

"Nugache" Worm/Bot using P2P control channel

Date:05.01.2006

Threat Type: Malicious Code Alert

Websense® Security Labs (TM) has received several reports of a new worm, "Nugache", which is spreading on AOL/MSN Instant Messenger networks and as an e-mail attachment by exploiting several workstation vulnerabilities. The worm opens a back door on TCP port 8, and installs a bot to wait for commands from the attacker. The command & control channel that is used is unique, as the bot appears to connect to infected peers instead of a static list. A peer-to-peer command & control channel makes it more difficult to block commands issued to the bot. The traffic over this channel also uses obfuscation in an attempt to bypass intrusion detection systems.