Indian authorities are investigating the server, which Symantec found to be actively communicating with computers infected with Duqu, a mysterious and complex piece of malicious software that experts warn appears to have been written with infrastructure targets (power plants and the like) in mind.
It became public when Symantec reported it on October 18. A research lab had contacted the security firm about a mysterious computer virus that appeared to be similar to Stuxnet; it has since been described as a possible successor to Stuxnet.
The Stuxnet malware is widely believed to have wreaked havoc on Iran's nuclear facilities by messing with industrial control systems made by Siemens.
Now the Duqu malware is gaining considerable attention from governments and private-sector investigators. The Indian server, located in Mumbai, might provide crucial information on the virus: even if it does not reveal the malware's origin, it might give a hint of its intent.
Web Werks, which hosted the virtual private server, has made an image and provided it to the Indian Computer Emergency Response Team (CERT-In) to analyse.
Duqu appears to be more targeted than conventional malware, with security firms like SecureWorks, McAfee, Kaspersky and Symantec finding only limited Duqu attacks, with estimates of total infection count only in the dozens.
Written by: James Delahunty @ 14 Dec 2011 1:16