To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

I don't know how many (if any) botnets list members are on the Websense list so I am forwarding this mail over. In light of the recent discussions about "other than IRC command and control" methods I thought some might find it interesting.

Thanks,
bf

---------- Forwarded message ----------
From: Websense Security Labs <[EMAIL PROTECTED]>
Date: May 1, 2006 6:57 PM
Subject: WSLabs, Malicious Code Alert: "Nugache" Worm/Bot using P2P control channel
To: [EMAIL PROTECTED]

Websense(r) Security Labs (TM) has received several reports of a new worm, "Nugache", which is spreading on AOL/MSN Instant Messenger networks and as an e-mail attachment by exploiting several workstation vulnerabilities. The worm opens a back door on TCP port 8, and installs a bot to wait for commands from the attacker.

The command & control channel that is used is unique, as the bot appears to connect to infected peers instead of a static list. A peer-to-peer command & control channel makes it more difficult to block commands issued to the bot. The traffic over this channel also uses obfuscation in an attempt to bypass intrusion detection systems.

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=478

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Websense Security Labs discovers and investigates today's advanced internet threats and publishes its findings enabling organizations to best protect employee computing environments from increasingly sophisticated and dangerous internet threats.

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
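The alert names two network-visible traits: traffic to TCP port 8 and bots that talk to peers rather than a static list. The following flow-log triage is an added example, not part of the forwarded message or the Websense alert; the flow-record format, the internal range 10.0.0.0/8, the peer threshold and every sample record are assumptions constructed for illustration.

```python
"""Added example: rank internal hosts by distinct peers seen on TCP port 8."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

BACKDOOR_PORT = 8                      # TCP port named in the alert
INTERNAL = ip_network("10.0.0.0/8")    # assumption: monitored address space
MIN_PEERS = 3                          # assumption: tune for the local network

# Constructed sample flow records: "epoch proto src sport dst dport"
SAMPLE_FLOWS = """\
1146500000 tcp 10.1.1.5 49152 203.0.113.7 8
1146500005 tcp 10.1.1.5 49153 198.51.100.23 8
1146500009 tcp 192.0.2.44 40211 10.1.1.5 8
1146500012 tcp 10.1.1.9 51000 203.0.113.7 80
1146500020 udp 10.1.1.9 51001 203.0.113.9 8
1146500031 tcp 10.1.1.7 50000 203.0.113.7 8
malformed line
"""

def parse_flow(line):
    """Return (proto, src, dst, dport), or None for an unparsable record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        _, proto, src, _, dst, dport = parts
        return proto.lower(), ip_address(src), ip_address(dst), int(dport)
    except ValueError:
        return None

def port8_peers(text):
    """Map each internal host to the set of peers it exchanged TCP/8 flows with."""
    peers = defaultdict(set)
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        proto, src, dst, dport = flow
        if proto != "tcp" or dport != BACKDOOR_PORT:
            continue
        # Count both directions: an infected host may listen on or dial port 8.
        if src in INTERNAL:
            peers[str(src)].add(str(dst))
        if dst in INTERNAL:
            peers[str(dst)].add(str(src))
    return peers

def suspects(text, min_peers=MIN_PEERS):
    """Internal hosts whose TCP/8 peer count reaches the threshold."""
    return sorted(h for h, p in port8_peers(text).items() if len(p) >= min_peers)

if __name__ == "__main__":
    print(suspects(SAMPLE_FLOWS))
```

A host with a single TCP/8 flow stays below the threshold here but is still worth a look, since legitimate use of that port is rare.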
