India Shuts Down Server Used by Duqu Malware
India announced Monday the shutdown of a server that computer security experts had identified as one of the servers with which Duqu-infected computers were communicating.
Symantec Corp has called attention to Duqu, a malicious software program unleashed by hackers in early October that researchers suspect is related to Stuxnet, the worm that targeted the industrial control systems behind Iran's nuclear program.
According to Reuters, Mumbai-based Web Werks has started coordinating with the Indian Computer Emergency Response Team (CERT-In) following reports by Symantec that one of the Web-hosting firm's servers was communicating with Duqu-infected PCs.
Web Werks founder Nikhil Rathi told Reuters the server pinpointed by Symantec was rented by a client in Milan, Italy, and an "image" of it has been provided to CERT-In for further investigation.
"This is an unmanaged server ... When you hand over a server to a customer, that's it, it's his. He can change his password and do whatever he wants with it," Rathi told Reuters.
Security experts hope that the image furnished by Web Werks will yield clues to the core operations of Duqu, which Symantec first reported on Oct. 18.
The security firm has conceded that the software's actual capability, specifically how much damage it could do to critical IT infrastructure, remains unknown to date.
Analysts have suggested that a government may be behind Duqu, given the sophistication of its architecture, and that it could be the initial phase of a larger attack aimed at power plants, oil refineries and pipelines.
Experts admitted that the attackers behind Duqu are a step ahead and that, on the data currently available, understanding the malware's full feature set will take more time.
"This one is challenging ... and it's a very complex piece of software," Marty Edwards of the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team told Reuters.
Duqu infections are so far concentrated in Europe, Iran, Sudan and the United States, according to major computer security firms, and its spread has been characterised as slow, deliberate and focused, in contrast to Stuxnet, which propagated with considerable speed.
Stuxnet was widely regarded by security experts as having sabotaged the Siemens industrial control systems that Iran used to enrich uranium for its nuclear program.
As the Duqu probe continues, its next target remains unknown to security experts. As Don Jackson of SecureWorks admitted: "We are a little bit behind in the game."