We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Experts warn world about Nugache worm

Russian spammers make Nugache bigger than Storm

The infamous Storm worm may be perceived as the world's most dangerous botnet, but security experts say a worm called Nugache could be more of a threat.

Nugache was first sighted about two years ago as a worm designed to work with chat protocols, says Paul Henry, vice president of technology evangelism at Secure Computing. As such, it did not propagate virulently.

But last month, hackers believed to be tied to the notorious Russian Business Network online criminal mob gave Nugache a facelift, copying many of the successful attributes of Storm, such as encryption, a rootkit and the ability to spread as web-borne malware.

"It's following the Storm worm," Henry says. "Nugache now includes the ability to encrypt itself and every version that rolls out is generated a bit differently to obfuscate detection."

Nugache is now also peer-to-peer controlled to put it under a more decentralised command-and-control structure that makes it difficult to take down the botnet it can construct once it infects desktop machines.

Botnets can be used to send spam messages through compromised machines, among other criminal purposes. The rise of the Nugache botnet appears to already be giving the Storm botnet more competition.

For the latest PC security news, reviews, tips and tricks, visit Security Advisor.

"It's creating a bargain basement for spam," Henry says. Prices as low as 1 million spam messages for £50 are being advertised online mainly because of the rise of Nugache, he says.

Business and consumers should be aware that Nugache could attempt to compromise their desktop machines in various ways, particularly through web-based drive-by downloads. One way it has been seen spreading is through URLs embedded by attackers in blogs.

"It's not the owner of the blogs doing this," Henry says. "There's a program called Xrunner from the black-hat crowd that automates the insertion of URLS for web-based malware sites for drive-by hacking." Often, the old "fake video-codec" scam accompanies this ruse by trying to trick users who want to view video segments into downloading the Nugache malware.

NEXT PAGE: how the worm works in the action > >


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Apple TV expert tips: get US Apple TV content, watch Google Play, use multiple Apple IDs and more