[ISN] Duqu hackers scrub evidence from command servers, shut down spying op

From: InfoSec News <alerts_at_private>
Date: Thu, 1 Dec 2011 02:33:36 -0600 (CST)
http://www.computerworld.com/s/article/9222293/Duqu_hackers_scrub_evidence_from_command_servers_shut_down_spying_op

By Gregg Keizer
Computerworld
November 30, 2011

The hackers behind the Duqu botnet have shut down their snooping 
operation, a security researcher said today.

The 12 known command-and-control (C&C) servers for Duqu were scrubbed of 
all files on Oct. 20, 2011, according to Moscow-based Kaspersky Lab.

That was just two days after rival antivirus firm Symantec went public 
with its analysis of Duqu, a Trojan horse-based botnet that many 
security experts believe shared common code and characteristics with 
Stuxnet, the super-sophisticated worm that last year sabotaged Iran's 
nuclear program.

Duqu was designed, said Symantec and Kaspersky, by advanced hackers, 
most likely backed by an unknown country's government. Unlike Stuxnet, 
it was not crafted to wreak havoc on uranium enrichment centrifuges, but 
to scout out vulnerable installations and computer networks as a lead-in 
to the development of another worm targeting industrial control systems.

"I think this part of the [Duqu] operation is now closed," said Roel 
Schouwenberg, a Kaspersky senior researcher, in an emailed reply to 
questions today. "[But] that's not to say a new/modified operation may 
be under way."

[...]


Received on Thu Dec 01 2011 - 00:33:36 PST
