funsec mailing list archives

AIM worm controlled VIA P2P


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 2 May 2006 18:58:17 -0400

from http://www.theregister.co.uk/2006/05/02/nugache_worm/

Security watchers are warning of a new worm that's propagating over
instant messenger networks run by both AOL and MSN. Nugache-A is also
spreading (albeit modestly) as an infected email that uses a variety
of well-known Windows exploits to infect vulnerable Windows PCs.

If successful, the worm opens a back door that leaves compromised PCs
as zombies under the control of hackers. The command and control
channel technique used by the worm is unusual. Instead of a static
list, the worm connects to infected peers, web security firm Websense
reports. The SANS Institute's Internet Storm Centre (ISC) adds that
the bots talk to each other via port 8/TCP over an encrypted P2P
channel.

"A peer-to-peer command and control channel makes it more difficult to
block commands issued to the bot. The traffic over this channel also
uses obfuscation in an attempt to bypass intrusion detection systems,"
Websense reports. Additional information on the worm, and how to guard
against attack, can be found in ISC's advisory here.
http://isc.sans.org/diary.php?date=2006-05-01

------------------------------

It's a conspiracy by the RIAA ;-) lol jk etc

-JP

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

