DAILYHOSTNEWS, November 9, 2011 – A server in Mumbai, India, housed in a data center managed by web hosting company Web Werks and contracted by a client in Milan, Italy, is the latest thought to be ‘communicating’ with computers infected with the malicious Duqu Trojan.
The news comes less than a week after it was announced that a server in a Belgian data center run by web hosting company Combell had been shut down due to similar fears.
Symantec said the server in Belgium was communicating with the virus, which has code similar to that of Stuxnet, another virus known for targeting mission-critical facilities. Stuxnet is the virus believed to have targeted a nuclear facility in Iran.
According to a report by news agency Reuters yesterday, Indian authorities are investigating the case in India, which involved an unmanaged server.
As in the Combell case, Symantec had alerted Web Werks that the server in question was communicating with computers infected by Duqu. Web Werks then alerted the Indian Computer Emergency Response Team (CERT-In).
Security firms including Dell Inc’s SecureWorks, Intel Corp’s McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to identify the victims.
Duqu – so named because it creates files with “DQ” in the prefix – was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.
Experts suspect that information is being gathered for use in developing future cyber weapons that would target the control systems of critical infrastructure. The hackers behind Duqu are unknown, but their sophistication suggests they are backed by a government, researchers say.
“A cyber saboteur should understand the engineering specifications of every component that could be targeted for destruction in an operation,” said John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit.
That is exactly what the authors of Stuxnet did when they built that cyber weapon, said Bumgarner, who is writing a paper on the development of Stuxnet. “They studied the technical details of gas centrifuges and figured out how they could be destroyed,” he said.