• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Nugache – The Next Big Storm?

January 2, 2008

Views: 3,819

[ad]

We’ve covered quite a few Storm stories – now it seems there is a new player in town, which could possibly the most advanced malware and botnet instigator so far.

It’s also something I’ve predicted before, peer to peer malware networks running without a command and control server, no single point of failure and much more tricky to take down. The guys writing these things are getting smart, random communications, peers drop and reconnect, everything is encrypted..

Dittrich, one of the top botnet researchers in the world, has been tracking botnets for close to a decade and has seen it all. But this new piece of malware, which came to be known as Nugache, was a game-changer. With no C&C server to target, bots capable of sending encrypted packets and the possibility of any peer on the network suddenly becoming the de facto leader of the botnet, Nugache, Dittrich knew, would be virtually impossible to stop.

“The authors are making these subtle little changes to keep it under the radar, and they’re succeeding,” said Dittrich.

This is the future of malware and it’s not a pretty picture. What it is, is a nightmare: a new breed of malicious software developed, tested and sold by professionals and engineered to change on the fly, adapt to its environment and evade traditional defenses.

It’s definitely going to be interesting watching this one develop and waiting to see what kind of countermeasures come up. Software quality is starting to appear in malware, these are robust and technically competent worms and botnets.

The creators of these Trojans and bots not only have very strong software development and testing skills, but also clearly know how security vendors operate and how to outmaneuver defenses such as antivirus software, IDS and firewalls, experts say. They know that they simply need to alter their code and the messages carrying it in small ways in order to evade signature-based defenses. Dittrich and other researchers say that when they analyze the code these malware authors are putting out, what emerges is a picture of a group of skilled, professional software developers learning from their mistakes, improving their code on a weekly basis and making a lot of money in the process.

It seems like it’s a real cottage industry right now and there are some very talented programmers and security specialists working on these projects.

But then again it’s just like any other industry, where there’s bad there’s good and vice versa..and there is money to be made on both sides of the fence.

Source: SearchSecurity.com

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Malware Tagged With: storm, storm botnet, storm worm, trojans, virii, viruses, worms



Reader Interactions

Comments

  1. Sir Henry says

    January 2, 2008 at 3:40 pm

    This is one of the reasons I stopped reading articles posted on Reddit (not that I will stop reading here, of course); There is a bleak outlook in regard to what is currently going on behind the scenes and only a small portion of the internet population who knows about and understands any of it. I think goodpeople will agree when I say that this is where education about these matters becomes paramount.

    In a similar vein (yes, this will remain dichotomous), I once read a question on linkedin about whether to hire “hackers” for your security work. What surprised me was the overwhelming response at how hiring a person who has “hacking skills” is like asking the fox over for tea in the hen house. Such an unfortunate outlook and one wrought with emotional insecurity and a fear for the unknown. My stance is this: In order to fully understand the people who create malware of this calibre, we have think like them and do the things they do. Only then, can we have any sort of chance in creating an offensive to battle such works of intense brilliance. I know, it is a razor thin line and I am certain that thoughts of “The Force” and “The Dark Side” come to ming. The latter is rather apropos, I feel.

    I would like to know what others think of the latter ideas.

  2. goodpeople says

    January 2, 2008 at 4:51 pm

    Sir Henry,

    When I read your first postings here, I immediately realized that you and I would be having some fun discussions here.

    I couldn’t agree with you more. As long as we sit back and wait for the next outbreak, we are bound to loose the battle. Only when we are actively developing our software, defenses and mechanisms, do we have a chance to outsmart them.

  3. Sir Henry says

    January 2, 2008 at 5:03 pm

    @goodpeople:

    I, too, felt the same regarding our discussions. I have found immense intellectual enjoyment and stimulation here.

  4. Trejox says

    January 5, 2008 at 6:14 am

    As a friend of mine would say… “If you want to stop/catch them… Follow The Patterns.” ;)

  5. goodpeople says

    January 6, 2008 at 11:38 am

    @trejox,

    Just following the patterns is not good enough. You’ll always be one step behind. We have to get rid of the stance “if it works, don’t fix it”. That might be true for mechanical things, but it’s not good enough for our industry. We have to keep revising our code and programs.

    We should strive to get one step ahead of the bad guys.

  6. eM3rC says

    January 6, 2008 at 9:38 pm

    I am totally with goodpeople and Sir Henry.

    @goodpeople

    Even following the pattern might not be the best approach. Although one group of hackers might be caught in their ways of infecting computers or hacking another (new) one might create something completely new (like Nugache) and completely stump white hats.

  7. goodpeople says

    January 7, 2008 at 12:55 pm

    @eM3rC,

    There will always be challenges. But that doesn’t mean that we can sit back and relax. Maintenance is an ongoing task.

  8. eM3rC says

    January 8, 2008 at 3:12 am

    Back @ goodpeople

    Its a never ending battle that will probably be won by neither side. Hopefully the hackers don’t get to far ahead of the white hats.

  9. Sir Henry says

    January 8, 2008 at 5:20 pm

    @trejox:

    I am going to have to second what goodpeople has stated. Reactionary defenses as a means of security are not going to eliminate the threats and will most certainly not do anything to anticipate the new attacks that are out there. To fight the good fight, people need to anticipate what could potentially happen and form an offensive. Of course, I pity the security engineer who is in charge of that task.

  10. goodpeople says

    January 9, 2008 at 12:21 am

    @Sir Henry,

    That is why they pay us the big bucks! :-)

    As a teacher I always challenge my students to proof me wrong. I encourage my students to outthink me. My ultimate goal (as should be for every teacher in every field) is for my students to someday be better than I am.

    The same principle would apply if I were a software developer. If I had made something, I would want other programmers to look at my code and help me improve it. Constantly!

    Good software is never finished. The fact that it works doesn’t mean that it works well, will continue to work well and works well under all circumstances. You can never be sure. That is why I say that software maintenance is an ongoing process. It is never “done”. The only way to stay ahead in this game is to constantly revise the code and not take anything for granted.

  11. eM3rC says

    January 9, 2008 at 3:06 am

    @ goodpeople

    I want to have you as a teacher =P
    There need to be more teachers like this rather than teaching simply for the money or focusing their course around some test. Its a career and careers should be fun.

  12. goodpeople says

    January 9, 2008 at 5:29 pm

    @eM3rC,

    That is why they pay ME the big bucks! ;-)

  13. Sir Henry says

    January 9, 2008 at 5:33 pm

    They pay me the big bucks, too, but for a different reason. >:)

  14. goodpeople says

    January 9, 2008 at 5:54 pm

    @Sir Henry,

    uhhm, let me guess.. the Boss’s daughter?

  15. Sir Henry says

    January 9, 2008 at 5:57 pm

    Not so much the Boss’s daughter but what he has on his hard drive. ;) Nah, I actually just secured a job as an SE for a well-known PKI/Security company. Actually landed it on Monday, thus my not being around then. I can’t wait to start.

  16. goodpeople says

    January 9, 2008 at 5:59 pm

    Then let me be the first one here to concratulate you!

  17. Sir Henry says

    January 9, 2008 at 6:10 pm

    Thanks, goodpeople, I am really excited about the new position. My previous (well, current until the end of the month) position was not advertised correctly and my skills were underutilized or blatantly ignored. Talk about a reason to start looking into the internal security. ;)

  18. goodpeople says

    January 9, 2008 at 6:22 pm

    So beginning of next month you’ll finally be running Linux? :-)

  19. Sir Henry says

    January 9, 2008 at 6:30 pm

    At the beginning of the month, I can run whatever OS I want. ;)

  20. goodpeople says

    January 9, 2008 at 6:38 pm

    Any openings for a slightly overweight 43 years old IT security teacher?

  21. Sir Henry says

    January 9, 2008 at 6:39 pm

    I am sure that, given your experience and knowledge, there would be some opportunities. I will have to check their EU openings.

  22. goodpeople says

    January 9, 2008 at 7:17 pm

    @Sir Henry,

    Nah, don’t bother..for now. I guess I’m a spoilt brat with 12 weeks payed vacation per year..

  23. eM3rC says

    February 7, 2008 at 2:46 am

    Congratulations on the new job Sir Henry!

    Hope it goes well for you!

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 483

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 514

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 542

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 421

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 645

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 580

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (234)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,296,252)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,097)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,631)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,689)
  • Password List Download Best Word List – Most Common Passwords (933,504)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,157)
  • Hack Tools/Exploits (673,297)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,172)

Search

Recent Posts

  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy