Wednesday, 9 January 2008
2008 is the Year of the Nugache Botnet
A new botnet has emerged and is expected to usurp Storm from its current standing as the nastiest botnet on the planet in 2008.
Nugache, as it’s called, is a botnet that apparently uses encryption and random communications to thwart the efforts of signature-based defenses, according to enterprise gateway security company Secure Computing Corporation.
"In 2007, Storm represented one of the biggest threats on the Internet. As 2008 begins, Nugache awakens from its slumber boasting the very same technical aspects that allowed Storm to grow so rapidly and regularly evade popular defenses," said Paul Henry, Vice President of Technology Evangelism, Secure Computing.
Nugache uses peer-to-peer communications without any command-and-control server. This capability makes the normally detectable communications between the individual bots and their command-and-control server undetectable, and at the same time gives the botnet a new level of resiliency.
Nugache takes advantage of the weaknesses in today’s most popular defenses:
•Lack of anti-malware scanning.
•Reliance upon categories only in previous generation URL filters.
•Default allow policies for internal users providing unchecked access to the Internet.
•Lack of granular application controls.
•Reliance on signatures in a negative security model (allow all traffic to pass and attempt to block the bad using a signature).
Henry added, "People need to realize that it took nearly two years for Storm to evolve to reach its current capabilities. With Nugache having adopted the clever technologies used by Storm, it is now poised to quickly become as big if not bigger of a threat."
Secure Computing recommends the following approaches that can be used to outsmart this new botnet attack:
•Strong firewall with granular access controls to protect public-facing assets, to prevent the spread of Nugache, and to block communications from impacted machines within the enterprise network.
•Anti-Malware scanning to prevent users from installing Nugache when they visit an infected web-borne malware site.
•Reputation-based URL filtering: reliance on traditional category-based URL filtering is simply inadequate today; you must have real-time reputation data for the websites your users are visiting. Good websites permitted with a category selection in a URL filter can in fact go bad quickly and infect the user.