Category Archives: Roel Schouwenberg

Duqu Attackers: Master Coders, Linux rookies

Post the revelation that 12 known command-and-control (C&C) servers for Duqu were found with all files deleted on Oct. 20, 2011, it has been confirmed that there is no more hacking being done. This revelation has been made by Moscow-based Kaspersky Lab.

It has been found that as soon as the attackers got to know about the Duqu Trojan in October, they secretly tried to remove every single trace of their activity from all their command and control servers.

It is being believed that Duqu is a Trojan horse-based botnet which shares common code and characteristics with Stuxnet. Being developed by hackers, Duqu is told to be attacked by some other country which could have vested interest in the files stores in the Linux servers.

There were reports earlier about Stuxnet which had destroyed Iran’s nuclear program, but Duqu was not made for that purpose. It was made to keep a track on vulnerable installations and computer networks which could trigger the development of another worm targeting industrial control systems.

It has come to the notice during the investigation that hackers had removed every single server they had used as far back as 2009, and further, they checked it again if they have deleted all the stuff perfectly or not.

“The logical assumption here is that we’re looking at possibly a vulnerability in the older version and/or an added feature in the new version that’s of use to the attacker”, said Roel Schouwenberg, a Kaspersky senior researcher. It has been known that along with the command and control servers in India and Belgium, Duqu had been associated with servers in Vietnam and the Netherlands,

As of now, no clue about the hackers behind Duqu and Stuxnet is found as they planned their each move very smartly, however, significant efforts have been made by Kaspersky researchers on the same.