Authorities Seize Duqu's C&C Servers In Mumbai 53

Posted by samzenpus
from the following-the-trail dept.
wiredmikey writes "In Mumbai, Indian authorities seized components from servers in a data center after Symantec informed them that they were communicating with the command and control infrastructure used by Duqu, the Trojan that is touted as the precursor to the next Stuxnet. According to a report from Reuters, officials from the Department of Information Technology in India seized hard drives and other components from a server hosted in a Mumbai data center. Security vendors and government labs are worried that malware such as Duqu and Stuxnet are the building blocks needed in order for attackers to target critical infrastructure. Based on the initial analysis of Duqu, many researchers warned that it was the second-generation development of Stuxnet, but this is still the subject of much debate, with some experts now saying that the connection between the two malicious programs is questionable."

  • Honestly, unless I see it spelled out in the title or whatever... whenever I see "C&C" I simply think of the ol' Command & Conquer game.

    • by Yvan256 (722131)

      I'd bet that at least 25 to 50% of slashdot readers think the same way.

      • Partly it's the subject: it sounds just like a Command & Conquer scenario. I can just see the commando shooting the exploding barrels to take out a tank, so the engineer can reach the data center.

        Speaking of which, do you ever find yourself getting out of bed in the morning and saying, "I've got the codes"?

      • by qubezz (520511)
        Exactly, I was like, "wait, there's no server, it runs IPX over the LAN...." The good ol' days, when C&C came with two game discs, so you could give the second to a buddy without needing to buy a second copy, and play over the LAN without constantly needing permission to play the game you bought from the game manufacturer's "command and control" DRM servers (tell me India couldn't shut down BF3 through a grand firewall because of DRM).
    • by bmo (77928)

      As an old usenetter, whenever I see C&C, I think of "coffee and cats warning" as in "put down the coffee and push the cat off your lap before you read this."

      Authorities Seize Duqu's Coffee and Cats Servers In Mumbai

      --
      BMO

      • by tqk (413719)

        As an old usenetter, whenever I see C&C, I think of "coffee and cats warning" as in "put down the coffee and push the cat off your lap before you read this."

        I'm an old Usenetter, and I've never seen that one. Thanks. The equivalent I saw was C|N>K ("Coke piped through nose to keyboard", or something). :-)

    • by RogueyWon (735973) *

      Surely you should know better with this headline. I don't think C&C ever had dedicated server support.

      Unless you mean the tottering DRM-"disguising" atrocity that was the back-end for C&C4. But you can't have meant that. Because C&C4 didn't exist and wasn't the last nail in the coffin of a once proud series. And if anybody says otherwise I'm going to stick my fingers in my ears and go "NANANANANANANANANA" until they go away.

      But yes, after too many hours of my student years wasted to playing that

    • Honestly, unless I see it spelled out in the title or whatever... whenever I see "C&C" I simply think of the ol' Command & Conquer game.

      I always think of the old school hippity hoppity band "C&C Music Factory".

    • I guess it shows my age, I thought it was Crossbows & Catapults :(
    • Totally dude. The server was sharing ten year old pirated software, so they seized it...

    • Oh, man, I was thinking the same thing...time to go home and dust off Red Alert!
  • Figures. (Score:4, Insightful)

    by WindBourne (631190) on Monday October 31, 2011 @10:16AM (#37894272) Journal
    So they grabbed the drive/system, rather than watching and finding out who is controlling it and then grabbing them. And ppl wonder why there are so many crackers out there.
    • I concur, this way they may make headlines immediately instead of patiently waiting and maybe triggering some alarm that the blackhat admins have set up, sure, but it's a poor replacement for getting the responsible people which will just rebuild something more carefully. Back to square one.

      Heck, it could be seen as a form of cover up, or a way to keep oneself in business by throwing the fish back in the river.

    • Re: (Score:2, Funny)

      by Lumpy (12016)

      "And ppl wonder why there are so many crackers out there."

      Mostly because they keep having children...

      Oh wait, are we talking about the same thing?

    • by El Torico (732160)

      And ppl wonder why there are so many crackers out there.

      Hey, didn't you see RogueyWon's post about name calling?

  • Servers? (Score:4, Interesting)

    by Hatta (162192) on Monday October 31, 2011 @10:16AM (#37894274) Journal

    I'm kind of surprised that cutting edge malware depends on a central server for command and control. What about P2P? Or steganographic embedding of commands in forum posts or images? It seems like a robust and deniable control system would be one of the first things you implement in malware like this.

    • Don't give them ideas.
    • by jesseck (942036)
      Maybe they do... and the C&C servers are just there for extra noise. The C&C may act functional, and send / receive commands which are received by targets, but those targets don't have to do anything with the commands. While Symantec and India proclaim "We've stopped Duqu" the virus may still be hard at work, collecting information.
  • or is the government just letting it thrive. I cannot imagine that software could be so self aware that upon being aware of its presence competent people cannot figure out a way to stop it once and for all or at least secure vulnerable systems from it.
  • by Viol8 (599362) on Monday October 31, 2011 @10:41AM (#37894610)

    ... this wouldn't be an issue. And make sure workers can't plug in USB sticks or DVD/CD-ROMs. Really, I do wonder whether people running IT in critical industries have all had a collective lobotomy.

    • by gl4ss (559668)

      and what, run them only on custom microcontrollers and DOS machines??

      oh wait that would be perfect.

      • by Viol8 (599362)

        Maybe, who knows. Depends on the task. But that's beside the point, which is that even an unpatched Win95 machine is safe if it's totally locked down and there's no way for any software or data to be loaded onto it, either via a network connection or via the machine itself.

    • I've often wondered why there isn't a proper setup here.
      I mean why are they connected?
      if not
      why can people access them directly?

      I mean.. you can whitelist traffic instead of blacklisting.. you KNOW what is supposed to happen between the "critical side" and its controller machine.. block anything that doesn't fit that mold.. done

      as an override have a terminal that connects to the control box with a door that sets off every siren in the world when opened. basically saying, something went horribly wrong.
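The allowlist idea in the comment above, as an added example that is not part of the original thread: every flow between the "critical side" and its controller is declared up front, and anything not on that list is denied and flagged. The network layout, the addresses (10.10.1.0/24 for engineering workstations, 10.10.2.0/24 for controllers, 203.0.113.7 as a documentation-range external host) and the flow records are all constructed for illustration; TCP/502 is the real Modbus/TCP port, but no claim is made about what Duqu's traffic looked like.

```python
import ipaddress
from dataclasses import dataclass

# One declared flow: who may talk to whom, over which protocol and port.
@dataclass(frozen=True)
class FlowRule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    dport: int

# A parsed flow record from a sensor or firewall log.
@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int

# Constructed allowlist (hypothetical network): only the engineering
# workstation 10.10.1.5 may speak Modbus/TCP to the controller subnet.
# Nothing on the controller subnet is ever expected to talk to anything else.
ALLOWED_FLOWS = [
    FlowRule(ipaddress.ip_network("10.10.1.5/32"),
             ipaddress.ip_network("10.10.2.0/24"), "tcp", 502),
]

# Constructed sample records in the form "TS SRC -> DST PROTO/PORT".
SAMPLE_FLOWS = [
    "2011-10-31T10:16:00 10.10.1.5 -> 10.10.2.20 tcp/502",    # expected
    "2011-10-31T10:16:05 10.10.1.5 -> 10.10.2.21 tcp/502",    # expected
    "2011-10-31T10:17:00 10.10.2.20 -> 203.0.113.7 tcp/443",  # controller reaching out
    "2011-10-31T10:17:30 10.10.1.9 -> 10.10.2.20 tcp/502",    # unknown workstation
    "2011-10-31T10:18:00 10.10.1.5 -> 10.10.2.20 tcp/22",     # right hosts, wrong service
]


def parse_flow(line: str) -> Flow:
    """Parse one constructed log line into a Flow."""
    ts, src, arrow, dst, service = line.split()
    if arrow != "->":
        raise ValueError(f"malformed flow record: {line!r}")
    proto, port = service.split("/")
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(port))


def is_allowed(flow: Flow, rules=ALLOWED_FLOWS) -> bool:
    """Default deny: a flow passes only if some rule covers it exactly."""
    return any(flow.src in r.src and flow.dst in r.dst
               and flow.proto == r.proto and flow.dport == r.dport
               for r in rules)


def enforce(lines, rules=ALLOWED_FLOWS):
    """Return (line, verdict) pairs; verdict is 'ALLOW' or 'DENY'."""
    return [(line, "ALLOW" if is_allowed(parse_flow(line), rules) else "DENY")
            for line in lines]


def denied(lines, rules=ALLOWED_FLOWS):
    """The lines that did not fit the declared mold: these are the alarms."""
    return [line for line, verdict in enforce(lines, rules) if verdict == "DENY"]


if __name__ == "__main__":
    for line, verdict in enforce(SAMPLE_FLOWS):
        print(f"{verdict:5} {line}")
```

The point of the default-deny shape is that the third record, a controller opening an outbound HTTPS connection, is not caught by knowing anything about the destination: it is denied simply because no rule ever said a controller may initiate traffic at all. Reputation lists and signatures are not needed for that verdict, which is what makes the allowlist approach hold up against malware nobody has seen yet.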

  • Duqu was cut off at the head.

    *sunglasses*
    YEEAHHH!!!
