It’s got some unusual and threatening features for sure. Like Storm, it uses a P2P design, which means that as a bot system it needs no IRC channel. No IRC channel means it is hard to track and therefore block, because in a conventional botnet the IRC channel is what carries command and control. It also employs a degree of encryption and spreads and communicates in a way that helps hide its activity - it employs enough stealthiness to make Lord Lucan look like a tiresome extrovert by comparison.
As with Storm, it is hard to pin down precisely what it is for. It has a multiple identity that lets it manifest itself as a bot, an Internet worm, with Trojan features thrown in for good measure, and has thus far been used to infect PCs for prodigious spam-sending. But, like Storm, it could be used for any number of things.
Looking at Nugache - which was discovered in early 2006, before Storm proper - I’m struggling to grasp why it is not in fact just another incarnation of Storm or, alternatively, Storm is another incarnation of Nugache. They are both noteworthy as examples of the malware-launching environments that look as if they could grow to dominate the malware world in 2008. Give Storm and Nugache enough time and they’d pass the Turing test no doubt, they are that clever.
But why the fuss about Nugache right now? According to one security company, Secure Computing, the two systems (if it’s right to call them ‘systems’ as such) are now engaged in a price war, with Nugache undercutting Storm and others for the spam business.
"Those organisations that employ the services of botnets to send their spam now have a cheaper alternative in Nugache," he told us by email in a pre-prepared pitch.
I’m not convinced that Nugache is that technically striking, at least no more so than the already striking Storm. But it is the economic arguments that will define malware this year, and there is little doubt that both bot-to-spam systems will have found considerably more hard disks on which to hide by the end of 2008 than they had at the end of 2007. There is not much to stop them.