Authorities Seize Suspected Duqu Botnet Control Servers from Indian Web Host

A diagram from a Symantec report illustrates the two variants of Duqu

(WEB HOST INDUSTRY REVIEW) –Indian authorities seized servers from a data center in Mumbai as part of a larger investigation into the Duqu botnet, according to a report by Reuters.

Web hosting provider Web Werks (www.web-werks.com) says that officials from India’s Department of Information Technology took several hard drives and other server parts last week. According to the report, Symantec told Web Werks that the server was communicating with computers infected with Duqu.

After it was detected in mid-October by a security research firm, Symantec dubbed Duqu the precursor to a future Stuxnet-like attack. While Symantec believes that the threat was written by the same authors, since it shares a lot of code with Stuxnet, Dell SecureWorks says the similarities are coincidental. Researchers believe that Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers, as attackers are looking for information to help them launch an attack on an industrial control facility.

Web Werks is a privately-held hosting company in Mumbai with about 200 employees, according to the report.

Two employees from Web Werks claim that they did not know how the malware got onto the server. One employee, who did not want to be named, says the company couldn’t track down the customer the server belonged to.

Officials are tight-lipped on the progress of the investigation; Gulshan Rai, director of the Indian Computer Emergency Response Team, was unable to comment on it. Homeland Security’s Industrial Control Systems Cyber Emergency Response Team director Marty Edwards says his agency is working with counterparts in other countries to uncover more information about Duqu.

Unlike Stuxnet, which was targeted mainly at Iran, instances of Duqu have popped up in Europe, Iran, Sudan and the US, according to the report.

Security experts believe that the highly sophisticated nature of Stuxnet, and now Duqu, has changed the landscape of modern cyberwarfare. The complexity of the attacks has made dealing with Duqu challenging for researchers and security firms alike.

While authorities are keeping mum on the details of the investigation, looking at other malware takedowns may give clues about the tools governments use to eliminate these threats. For example, in June, the FBI told a federal court that it had scrubbed 19,000 PCs infected with the Coreflood bot malware, a 10-year-old threat. The FBI was able to send a command to Coreflood-infected PCs that stopped the botnet from operating. While the nature of the threat is very different, it is one example of the way in which authorities are attempting to eliminate malware.

Nicole Henderson

About

Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.
