We’ve covered quite a few Storm stories – now it seems there is a new player in town, which could possibly be the most advanced malware and botnet instigator so far.
It’s also something I’ve predicted before: peer-to-peer malware networks running without a command and control server, with no single point of failure and much trickier to take down. The guys writing these things are getting smart: random communications, peers drop and reconnect, everything is encrypted.
Dittrich, one of the top botnet researchers in the world, has been tracking botnets for close to a decade and has seen it all. But this new piece of malware, which came to be known as Nugache, was a game-changer. With no C&C server to target, bots capable of sending encrypted packets and the possibility of any peer on the network suddenly becoming the de facto leader of the botnet, Nugache, Dittrich knew, would be virtually impossible to stop.
“The authors are making these subtle little changes to keep it under the radar, and they’re succeeding,” said Dittrich.
This is the future of malware and it’s not a pretty picture. What it is, is a nightmare: a new breed of malicious software developed, tested and sold by professionals and engineered to change on the fly, adapt to its environment and evade traditional defenses.
It’s definitely going to be interesting watching this one develop and waiting to see what kind of countermeasures come up. Software quality is starting to appear in malware; these are robust and technically competent worms and botnets.
The creators of these Trojans and bots not only have very strong software development and testing skills, but also clearly know how security vendors operate and how to outmaneuver defenses such as antivirus software, IDS and firewalls, experts say. They know that they simply need to alter their code and the messages carrying it in small ways in order to evade signature-based defenses. Dittrich and other researchers say that when they analyze the code these malware authors are putting out, what emerges is a picture of a group of skilled, professional software developers learning from their mistakes, improving their code on a weekly basis and making a lot of money in the process.
It seems like it’s a real cottage industry right now and there are some very talented programmers and security specialists working on these projects.
But then again it’s just like any other industry: where there’s bad there’s good and vice versa, and there is money to be made on both sides of the fence.