Authorities Seize Duqu's C&C Servers In Mumbai
wiredmikey writes "In Mumbai, Indian authorities seized components from servers in a data center after Symantec informed them that they were communicating with the command and control infrastructure used by Duqu, the Trojan that is touted as the precursor to the next Stuxnet. According to a report from Reuters, officials from the Department of Information Technology in India seized hard drives and other components from a server hosted in a Mumbai data center. Security vendors and government labs are worried that malware such as Duqu and Stuxnet are the building blocks needed in order for attackers to target critical infrastructure. Based on the initial analysis of Duqu, many researchers warned that it was the second generation development of Stuxnet, but this is still the subject of much debate, with some experts now saying that the connection between the two malicious programs is questionable."
So they grabbed the drive/system, rather than watching and finding out who is controlling it and then grabbing them. And people wonder why there are so many crackers out there.
I prefer the "u" in honour as it seems to be missing these days.
I'm kind of surprised that cutting edge malware depends on a central server for command and control. What about P2P? Or steganographic embedding of commands in forum posts or images? It seems like a robust and deniable control system would be one of the first things you implement in malware like this.
Give me Classic Slashdot or give me death!
... this wouldn't be an issue. And make sure workers can't plug in USB sticks or DVD/CD-ROMs. Really, I do wonder whether people running IT in critical industries have all had a collective lobotomy.
The term you used is considered (extremely strong) racial abuse in the UK and some other parts of Europe - basically equal in strength to a certain word beginning with "n". I believe it lacks that association in the US and is used as a simple abbreviation - but given this is a site with an international readership, it's best avoided. It will get a powerful reaction, as you've seen.
Linguistic minefields like this exist in both directions - some terms considered mild in the UK would be fighting talk in the US and vice-versa.
All the more reason to not announce it and follow it back to where it came from. There is an international community on this. We need to trace this ALL the way back.