Duqu hackers scrub evidence from command servers, shut down spying op

December 1, 2011
Cyber Security, FedCyber Wire

The hackers behind the Duqu botnet have shut down their snooping operation, a security researcher said today.

The 12 known command-and-control (C&C) servers for Duqu were scrubbed of all files on Oct. 20, 2011, according to Moscow-based Kaspersky Lab.

That was just two days after rival antivirus firm Symantec went public with its analysis of Duqu, a Trojan horse-based botnet that many security experts believe shared common code and characteristics with Stuxnet, the super-sophisticated worm that last year sabotaged Iran’s nuclear program.

Duqu was designed, said Symantec and Kaspersky, by advanced hackers, most likely backed by an unknown country’s government. Unlike Stuxnet, it was not crafted to wreak havoc on uranium enrichment centrifuges, but to scout out vulnerable installations and computer networks as a lead-in to the development of another worm targeting industrial control systems.

via Computerworld, continued here.