The infamous Storm worm may be perceived as the world's most dangerous botnet, but security experts say a worm called Nugache could be more of a threat.
Nugache was first sighted about two years ago as a worm designed to work with chat protocols, says Paul Henry, vice president of technology evangelism at Secure Computing. As such, it did not propagate virulently.
But last month, hackers believed to be tied to the notorious Russian Business Network online criminal mob gave Nugache a facelift, copying many of the successful attributes of Storm, such as encryption, a rootkit and the ability to spread as web-borne malware.
"It's following the Storm worm," Henry says. "Nugache now includes the ability to encrypt itself and every version that rolls out is generated a bit differently to obfuscate detection."
Nugache is now also peer-to-peer controlled to put it under a more decentralised command-and-control structure that makes it difficult to take down the botnet it can construct once it infects desktop machines.
Botnets can be used to send spam messages through compromised machines, among other criminal purposes. The rise of the Nugache botnet appears to already be giving the Storm botnet more competition.
"It's creating a bargain basement for spam," Henry says. Prices as low as 1 million spam messages for £50 are being advertised online mainly because of the rise of Nugache, he says.
Business and consumers should be aware that Nugache could attempt to compromise their desktop machines in various ways, particularly through web-based drive-by downloads. One way it has been seen spreading is through URLs embedded by attackers in blogs.
"It's not the owner of the blogs doing this," Henry says. "There's a program called Xrunner from the black-hat crowd that automates the insertion of URLS for web-based malware sites for drive-by hacking." Often, the old "fake video-codec" scam accompanies this ruse by trying to trick users who want to view video segments into downloading the Nugache malware.
NEXT PAGE: how the worm works in the action > >