Understanding Emerging Threats: The Case Of Nugache presented at SOURCE Boston 2008

by Bruce Dang, Dave Dittrich

Tags: Security Malware Botnets

Summary: Distributed intruder attack tools have evolved from the original "handler/agent" DDoS tools of 1998 to very large and powerful botnets in the early 2000s. Methods of command and control (C2) have also evolved, from direct client/server, to central C2 mechanisms, and today to advanced peer-to-peer mechanisms that are significantly harder to detect and react to.
In this talk, we will cover some reverse engineering methods used to understand advanced malware, and discuss a successful "proof of concept" P2P malware network known as Nugache. Some observations of the ways Nugache has been propagated and used will be covered.