Stuxnet-based cyber espionage virus targets European firms

Discussion in 'Strategic Forces' started by JAISWAL, Dec 22, 2011.

  1. JAISWAL

    JAISWAL Senior Member Senior Member

    Joined:
    Mar 13, 2010
    Messages:
    1,512
    Likes Received:
    1,016
    Location:
    ghaziabad
    Stuxnet-based cyber espionage virus targets European firms - Telegraph
    .
    .
    European firms that play a key role in nuclear power and other critical industries have been targeted by a cyber espionage attack based on Stuxnet, the computer virus that was designed to sabotage the Iranian nuclear programme.
    Security engineers say it is likely the new variant, Duqu, was created by the same government agencies thought to be behind Stuxnet, an attack that heralded a new era of state conflict online.
    But while Stuxnet was created to cause physical damage to Iran’s uranium enrichment facilities by surreptitiously adjusting machinery, Duqu is an intelligence-gathering tool.
    The new virus’ precise targets have not been disclosed, but they include European firms that make the software that controls power stations and other industrial facilities. By infiltrating their computer networks, it aims to steal confidential information and potentially reveal vulnerabilities that could be exploited in later attacks.
    Inside a target network Duqu seeks out sensitive documents and spies on network users’ activities, including the passwords they type into their keyboards. The information is then smuggled
    out, disguised as ordinary web picture traffic to circumvent security systems, to a “command and control” server located in India.

    Analysis of Duqu has revealed it may have been in use since December last year. It is programmed to remove itself from infected systems after 36 days, so nobody can be sure how many firms have been targeted
    or how much confidential data stolen..
    .
    ..,.............for full article please visit above link
     
  2.  
  3. JAISWAL

    JAISWAL Senior Member Senior Member

    Joined:
    Mar 13, 2010
    Messages:
    1,512
    Likes Received:
    1,016
    Location:
    ghaziabad
    The Mystery of Duqu: Part Six (The Command and Control servers) - Securelist
    .
    .

    The Mystery of Duqu: Part Six (The Command and Control servers)
    .
    .
    It is now a well-known fact that the original Duqu samples were using a C&C server in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv, in
    Belgium.
    At Kaspersky Lab we have currently cataloged and identified over 12 different Duqu variants.
    These connect to the C&C server in India, to the
    one in Belgium, but also to other C&C servers, notably two servers in Vietnam and one in the
    Netherlands. Besides these, many other servers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world and make tracing more difficult. Overall, we estimate there have been more than a dozen Duqu command and control servers active during the past three years.
    ........,.....,...,....,....for full article please visit above link
     

Share This Page