The mystery of Duqu: part six (the command and control servers)

From Botnets.fr


Botnet: Duqu
Date: 2011 / 2011-11-30
Editor/Conference: Kaspersky lab
Link: http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers
Author: Vitaly Kamluk

Abstract

Over the past few weeks, we have been busy researching the Command and Control infrastructure used by Duqu.

It is now a well-known fact that the original Duqu samples were using a C&C server in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv, in Belgium.

At Kaspersky Lab we have currently cataloged and identified over 12 different Duqu variants. These connect to the C&C server in India, to the one in Belgium, but also to other C&C servers, notably two servers in Vietnam and one in the Netherlands. Besides these, many other servers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world and make tracing more difficult. Overall, we estimate there have been more than a dozen Duqu command and control servers active during the past three years.

Bibtex

 @misc{2011BFR971,
   editor = {Kaspersky lab},
   author = {Vitaly Kamluk},
   title = {The mystery of Duqu: part six (the command and control servers)},
   date = {30},
   month = Nov,
   year = {2011},
   howpublished = {\url{http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers}},
 }