Biting the hand that feeds IT
Biting the hand that feeds IT
Security:
|
|
News ToolsReg Shops |
![[Print]](/Design/graphics/icons/pf.png "Printer-friendly version"){kind=icon} ![[Mobile]](/Design/graphics/icons/regmob.png "Read The Reg on your mobile phone"){kind=icon} ![[Alerts]](/Design/graphics/icons/alerts.png "Reg Desktop News Alerts"){kind=icon}
Hackers control bot client over P2PNugachePublished Tuesday 2nd May 2006 14:38 GMT Security watchers are warning of a new worm that's propagating over instant messenger networks run by both AOL and MSN. Nugache-A is also spreading (albeit modestly) as an infected email that uses a variety of well-known Windows exploits to infect vulnerable Windows PCs. If successful, the worm opens a back door that leaves compromised PCs as zombies under the control of hackers. The command and control channel technique used by the worm is unusual. Instead of a static list, the worm connects to infected peers, web security firm Websense reports. The SANS Institute's Internet Storm Centre (ISC) adds that the bots talk to each other via port 8/TCP over an encrypted P2P channel. "A peer-to-peer command and control channel makes it more difficult to block commands issued to the bot. The traffic over this channel also uses obfuscation in an attempt to bypass intrusion detection systems," Websense reports. Additional information on the worm, and how to guard against attack, can be found in ISC's advisory here. ®
Track this type of story as a custom Atom/RSS feed or by email.
|
|
Top 20 stories • All The Week’s Headlines • Archive • Search
Post to Slashdot
Digg this
Add to del.icio.us
Reddit
Previous Article
