Hackers who developed the latest doomsday virus named Duqu seem to have moved their illegal operations to Belgium. This country, known for being the birthplace of French fries, and also the rudest word in any language, is reported to have become the new headquarters of operations for the software developers who created this malware.
The hackers have begun using a server located in Belgium in order to gather information stolen from the computers infected with the Duqu malware. This started after security experts closed down their operations in India. Thus far, virus called Duqu has nations and security observers in a panic, since it could become another big Internet threat after the Stuxnet virus, which is considered to have infected the nuclear program of Iran.
Worldwide-known security company Symantec claimed that its experts had identified a sample of Duqu virus, which was designed to communicate with a certain server at Combell, the biggest web-hosting organization in Belgium. Symantec explained that the company had already notified Combell that one of their servers had been used for malicious activity. Combell immediately shut down the website.
It was a couple weeks ago that Duqu first surfaced online. It was spotted by experts from the Hungary’s Laboratory of Cryptography and System Security. The scariest part about the virus was that the latter exploited a hole in Windows operating system and had code similar to Stuxnet malware. The industry observers believe that Duqu has been developed to help lay the groundwork for cyber attacks on important infrastructure like pipelines, power plants, or oil refineries.
One of the unnamed Combell employees admitted that the server in question had been running continuously for almost a week. It was leased through the end of October 2012. He also told local media that it looked fishy, as someone tracking the server appeared to be intentionally deleting information that would log details about its communications. Meanwhile, the mail log itself had virtually no entries, which means that the intruders keep deleting information not to leave traces.
Security experts also admit that when the hackers moved to Belgium, they went further and modified the original method used to communicate with the infected machines, which made it harder for the outfits to detect infected equipment based on previous communication patterns.
The hackers have begun using a server located in Belgium in order to gather information stolen from the computers infected with the Duqu malware. This started after security experts closed down their operations in India. Thus far, virus called Duqu has nations and security observers in a panic, since it could become another big Internet threat after the Stuxnet virus, which is considered to have infected the nuclear program of Iran.
Worldwide-known security company Symantec claimed that its experts had identified a sample of Duqu virus, which was designed to communicate with a certain server at Combell, the biggest web-hosting organization in Belgium. Symantec explained that the company had already notified Combell that one of their servers had been used for malicious activity. Combell immediately shut down the website.
It was a couple weeks ago that Duqu first surfaced online. It was spotted by experts from the Hungary’s Laboratory of Cryptography and System Security. The scariest part about the virus was that the latter exploited a hole in Windows operating system and had code similar to Stuxnet malware. The industry observers believe that Duqu has been developed to help lay the groundwork for cyber attacks on important infrastructure like pipelines, power plants, or oil refineries.
One of the unnamed Combell employees admitted that the server in question had been running continuously for almost a week. It was leased through the end of October 2012. He also told local media that it looked fishy, as someone tracking the server appeared to be intentionally deleting information that would log details about its communications. Meanwhile, the mail log itself had virtually no entries, which means that the intruders keep deleting information not to leave traces.
Security experts also admit that when the hackers moved to Belgium, they went further and modified the original method used to communicate with the infected machines, which made it harder for the outfits to detect infected equipment based on previous communication patterns.
No comments:
Post a Comment