Difference between revisions of "The mystery of Duqu: part six (the command and control servers)"
m (Text replacement: « |Editor=Kaspersky » with « |Editor=Kaspersky lab »)
m (1 revision imported)
Revision as of 16:24, 7 February 2015
(Publication)
The mystery of Duqu: part six (the command and control servers) | |
---|---|
Botnet | Duqu |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / 30 November 2011 |
Editor/Conference | Kaspersky lab |
Link | http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers (www.securelist.com, archive copy) |
Author | Vitaly Kamluk |
Type | |
Abstract
“Over the past few weeks, we have been busy researching the Command and Control infrastructure used by Duqu.
It is now a well-known fact that the original Duqu samples were using a C&C server in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv, in Belgium.
At Kaspersky Lab we have currently cataloged and identified over 12 different Duqu variants. These connect to the C&C server in India, to the one in Belgium, but also to other C&C servers, notably two servers in Vietnam and one in the Netherlands. Besides these, many other servers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world and make tracing more difficult. Overall, we estimate there have been more than a dozen Duqu command and control servers active during the past three years.”
Bibtex
@misc{2011BFR971, editor = {Kaspersky lab}, author = {Vitaly Kamluk}, title = {The mystery of Duqu: part six (the command and control servers)}, month = nov, year = {2011}, howpublished = {\url{http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers}}, }