The Storm and Nugache botnets are hard to stop because they use encrypted peer-to-peer networking to update themselves and exchange information.
The Storm and Nugache trojans represent the face of future crimeware, or its facelessness: These two malicious bot programs are distinct from their ancestors because they lack a head that can be severed to stop them.
Previous generations of bots could be cut off from their control server, which communicated over Internet Relay Chat. Storm and Nugache bots do not depend on IRC communications; they use encrypted peer-to-peer networking to update themselves and exchange information.
Storm first came to attention in early 2007 and spread through an e-mail message that made reference to a recent European storm in the message subject line. It has created a massive botnet that has been estimated to range from a few hundred thousand to over 2 million machines. In an interview with InformationWeek last September, Matt Sergeant, chief anti-spam technologist with MessageLabs, likened the Storm botnet to a supercomputer in terms of its power.
Nugache appeared in mid-2006, initially as a trojan distributed through chat applications. At first, it lagged behind Storm in sophistication. For example, it couldn't send spam in regionally appropriate languages, as Storm can. But Paul Henry, VP of technology evangelism at Secure Computing, said that security experts now believe it has caught up with Storm's capabilities and will likely become a more significant threat as its controllers move to profit from their malware.
"[Nugache] is not as large as Storm yet, but from a technical perspective, it's just as good," said Henry.
The maturation of Nugache has resulted in a decrease in the price and quality of spam, according to Henry, who put the current cost of spamming at $100 per million messages.
Like Storm, Nugache relies on encrypted peer-to-peer communication for command and control, said Henry. But it has an advantage over Storm in that it's not tied to a specific set of ports. "[Nugache] will look at pretty much any port to establish communication," he said.
Storm and Nugache communication cannot be detected reliably by intrusion detection systems (IDS). In a paper published last month, computer security researchers Sam Stover, Dave Dittrich, John Hernandez, and Sven Dietrich said, "User education is likely the only mitigation method to prevent installation of the malware."