
Monday, November 7, 2011

Duqu Hackers Moved Operations Abroad

Hackers who developed the latest doomsday virus named Duqu seem to have moved their illegal operations to Belgium. This country, known for being the birthplace of French fries, and also the rudest word in any language, is reported to have become the new headquarters of operations for the software developers who created this malware.

The hackers have begun using a server located in Belgium to gather information stolen from computers infected with the Duqu malware. This started after security experts closed down their operations in India. Thus far, the virus called Duqu has nations and security observers in a panic, since it could become another big Internet threat after the Stuxnet virus, which is considered to have infected the nuclear program of Iran.

The globally known security company Symantec claimed that its experts had identified a sample of the Duqu virus that was designed to communicate with a certain server at Combell, the biggest web-hosting organization in Belgium. Symantec explained that it had already notified Combell that one of its servers had been used for malicious activity. Combell immediately shut down the website.

Duqu first surfaced online a couple of weeks ago. It was spotted by experts from Hungary’s Laboratory of Cryptography and System Security. The scariest part about the virus was that it exploited a hole in the Windows operating system and had code similar to the Stuxnet malware. Industry observers believe that Duqu has been developed to help lay the groundwork for cyber attacks on important infrastructure like pipelines, power plants, or oil refineries.

An unnamed Combell employee admitted that the server in question had been running continuously for almost a week. It was leased through the end of October 2012. He also told local media that it looked fishy, as someone tracking the server appeared to be intentionally deleting information that would log details about its communications. Meanwhile, the mail log itself had virtually no entries, which means that the intruders keep deleting information so as not to leave traces.

Security experts also admit that when the hackers moved to Belgium, they went further and modified the original method used to communicate with the infected machines, which made it harder for the outfits to detect infected equipment based on previous communication patterns.

 

Thursday, November 3, 2011

Intelligence Agency Warned Over Hacks

Iain Lobban, the head of the UK’s largest intelligence agency, has recently warned of a rapid increase in cyber attacks that could jeopardize the country’s economic well-being. He emphasized the increasing problem of hacks on the government, pointing at a considerable attack on the Foreign Office this past summer. In addition, Lobban has noted an increase in the number of cyber attempts to steal sensitive information from various government sources and private companies, including attempts at IP theft from some engineering, energy and defense contract companies.

William Hague, the Foreign Secretary, also confirmed an “exponential rise” in the number of attacks. He flagged up the country’s tax database as one very liable to attack. Everyone is stressing concerns over Internet security ahead of a 2-day conference that starts on Tuesday and will focus on the growing problem. The list of participants includes big names like Hillary Clinton, Jimmy Wales (Wikipedia co-founder), Brad Boston (Cisco vice president) and many others.

Cyber concerns have been increasing on a global scale recently, as the discovery of Duqu, a close relative of the Stuxnet virus, stirred fears worldwide, despite the fact that some experts believed the two weren’t linked. Security experts keep saying that the government just needs to make sure that defenses are kept up on an individual level, which can help in the constant battle of fending off hacker attacks. They point out that there’s never such a thing as a 100% defense, and there’s always a risk. However, the government is able to take defensive steps like educating users on how to prevent their computers from being compromised. Individual users must realize the importance of keeping security updates current. They also must ensure their antivirus software is up to date.

The experts believe that Lobban’s warnings of a growing cyber-threat are right, as are his warnings of constant attempts to steal sensitive data. Therefore, the government should make sure it is properly defended. There are people out there making attempts to hack into systems, and apparently they could wish to harm the country. However, it might be difficult to learn about the attacks – sometimes it’s hard to see that the information was copied and the hack may go unnoticed. That’s why any outfit must work by assuming the worst in this sense and start from there.

Saturday, February 27, 2010

Microsoft Uses Law To Cripple Hacker Spam Network

SAN FRANCISCO—Microsoft on Thursday said it combined technology with an "extraordinary" legal maneuver to cripple a massive network of hacked computers that had been flooding the Internet with spam.

The software titan's Digital Crime Unit got clearance from a US judge to virtually sever the cyber criminals' command computers from hundreds of thousands of machines worldwide infected with a Waledac virus.

"We decided the best tactic would be to literally build a wall between the bot-herder, the command computer, and all of the other computers -- effectively cutting the umbilical cord," said Microsoft attorney Richard Boscovich.

Microsoft got a US judge to grant an ex parte temporary restraining order that let the firm erect the cyber blockade without warning bot-herders, masters of the "botnet."

"It was of crucial importance that when we went out to sever the connection between the bot herder and the bots, that severing had to be done without him knowing," said Boscovich, who works in the digital crime unit.

Microsoft drafted a complaint that made a case to the court that the damage to computer owners worldwide, and to the software firm, was major enough to warrant "this rather extraordinary order," Boscovich said.

The mission to take down one of the ten largest botnets in the United States was referred to internally at Microsoft as "Operation b49."

Waledac is estimated to have infected hundreds of thousands of computers worldwide, letting its masters mine machines for information or secretly use them to fire off spam email.

Hackers typically infect computers with malicious code by tricking owners into clicking on booby-trapped email messages or Internet links that plant viruses.

Bot-herders are then free to hire out botnets for nefarious tasks such as spewing spam or overwhelming legitimate websites with myriad simultaneous requests in what are known as distributed-denial-of-service attacks.

The Waledac botnet was believed to be capable of sending more than 1.5 billion spam email messages daily.

During a three-week period in December, Waledac-infected machines sent approximately 651 million spam email messages to users of Microsoft's free Hotmail service, according to the software firm.

The spam included messages pitching online pharmacies, knock-off goods, and penny stocks.

"Three days into the effort, Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent," a Microsoft lawyer said in a release.

"But the operation hasn't cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused."

Computer users are advised to purge their machines of viruses and make sure their programs and security software are up to date.

US courts allow for hearings to decide whether temporary restraining orders should be made permanent, setting up an unlikely scenario in which bot-herders would argue for their right to reconnect with their machine minions.