funsec mailing list archives

Nugache


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 2 Jan 2008 10:35:29 -0500

I know this is old news, but I just love these two paragraphs:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286808,00.html

But with this network, in lieu of one C&C server, there were a number
of peers around the network that were sending out commands and serving
as download sites for various pieces of the network. So if one of the
peers in the network that the attacker is using to issue commands to
the rest of the network is shut down, the attacker could simply begin
sending orders through another peer. This made the entire network of
compromised PCs equal partners and made the prospect of disabling the
network incredibly daunting.

As troubling as this new development was, more troubling was the fact
that the peers sending out the commands changed on the fly and, as
Dittrich watched, various members of the network would drop off
botnet, only to reappear days or weeks later. So the shape and size of
the botnet was changing almost constantly, with entire branches going
dark for extended periods of time and peers jumping from one portion
of the network to another seemingly on a whim. And, to add to the pile
of bad news, the bots were communicating with each other over an
encrypted channel, making it all but impossible to listen in on their
conversations.



And to hammer the point home:

http://www.theregister.co.uk/2007/12/31/vxer_scene_rip/


:-(

-JP<who will miss the viruses that turn up your volume and scream
"THIS GUY IS LOOKING AT PRON!">
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

