Duqu Perpetrators Remove Clues of C&C Servers, Following Exposure
According to security researchers from Kaspersky Lab, soon after the security company Symantec publicized the Duqu Trojan in October 2011, the operators secretly running the data-stealing malware wiped all evidence of their presence from the command-and-control servers they used, in order to hide their tracks. Eweek.com reported this on November 30, 2011.
Notably, Vitaly Kamluk, Chief Malware Analyst at Kaspersky Lab, wrote on the company's SecureList blog that despite the large-scale cleanup on October 20, 2011, Kaspersky still managed to collect information from Duqu's central command-and-control (C&C) server, eweek.com reported on November 30, 2011.
Kamluk further posted that Duqu, in addition to communicating with the C&C infrastructure in Belgium and India that law enforcement shut down once the Trojan became public knowledge, also contacted further infrastructure located in Holland and Vietnam.
Some of these servers acted as key C&C proxies, while others let Duqu's operators keep changing locations, making it harder for security researchers to trace potentially malicious traffic. The security company estimated that, as far back as 2009, there were more than 12 C&C servers actively communicating with Duqu-infected PCs, Kamluk wrote.
In that year, the perpetrators wiped all the servers they had used, according to Kaspersky; Computerworld.com reported this on November 30, 2011. The hackers did not merely erase every file from those servers; they also came back later to verify that the cleanup had been effective, Kaspersky observed. Senior Researcher Roel Schouwenberg of Kaspersky stated that every C&C server the company analyzed had been wiped, Computerworld.com reported.
Kaspersky also unearthed evidence of Duqu activity that the company's researchers have yet to decode.
The hackers also soon upgraded the stock OpenSSH 4.3 on all the hijacked servers (OpenSSH being the OpenBSD project's Secure Shell implementation, an open-source toolkit for encrypting Internet traffic) to the newer 5.8 version.
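An unexplained change in the SSH server version on a host is the kind of drift a defender can catch by comparing observed SSH banners against a recorded baseline. The following script is an added illustration of that check, not code from Kaspersky or from the article; the hostnames, baseline versions and banner strings are constructed sample data.

```python
import re
from typing import Dict, List, Optional

# Constructed baseline: host -> OpenSSH major.minor recorded at the last approved maintenance window.
BASELINE: Dict[str, str] = {
    "cc-proxy-01.example.test": "4.3",
    "cc-proxy-02.example.test": "4.3",
    "web-01.example.test": "5.8",
}

# Constructed SSH identification strings as a network scanner would record them
# (the "SSH-2.0-<software>" line every SSH server sends on connect).
OBSERVED_BANNERS: Dict[str, str] = {
    "cc-proxy-01.example.test": "SSH-2.0-OpenSSH_5.8",          # upgraded outside any change window
    "cc-proxy-02.example.test": "SSH-2.0-OpenSSH_4.3",          # matches baseline
    "web-01.example.test": "SSH-2.0-OpenSSH_5.8p1 Debian-1",    # distro suffix, still 5.8
    "db-01.example.test": "SSH-2.0-OpenSSH_5.8",                # host nobody baselined
}

# Match the protocol version and the OpenSSH major.minor; patch suffixes like "p1" are ignored.
BANNER_RE = re.compile(r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<ver>\d+\.\d+)")


def parse_openssh_version(banner: str) -> Optional[str]:
    """Return the OpenSSH major.minor from an SSH identification string, or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    return m.group("ver") if m else None


def find_version_drift(baseline: Dict[str, str], observed: Dict[str, str]) -> List[dict]:
    """Compare observed banners to the baseline and return one finding per anomaly."""
    findings: List[dict] = []
    for host, banner in observed.items():
        ver = parse_openssh_version(banner)
        if host not in baseline:
            # A server that was never baselined deserves a look before it is trusted.
            findings.append({"host": host, "issue": "not in baseline", "observed": ver})
            continue
        if ver is None:
            # Non-OpenSSH or malformed banner: cannot compare, so surface it rather than skip it.
            findings.append({"host": host, "issue": "unparseable banner", "observed": banner})
            continue
        if ver != baseline[host]:
            findings.append({
                "host": host,
                "issue": "version drift",
                "expected": baseline[host],
                "observed": ver,
            })
    return findings


if __name__ == "__main__":
    for f in find_version_drift(BASELINE, OBSERVED_BANNERS):
        print(f)
```

Version drift on a host is not proof of compromise on its own, but a jump from 4.3 to 5.8 with no corresponding change ticket is exactly the signal to correlate with login records and package-manager logs for that host.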
Finally, Kamluk wrote that his organization hoped that, through joint work and cooperation, more could be said about the mysterious Duqu. His team of analysts could be reached at "firstname.lastname@example.org", he added. The Register reported this on December 1, 2011.
SPAMfighter News - 08-12-2011