India shuts server linked to Duqu computer virus

Fri Oct 28, 2011 6:41pm EDT
 
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article | Single Page
[-] Text [+]

By Jim Finkle and Supantha Mukherjee

(Reuters) - Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat.

Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.

News of Duqu first surfaced last week when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.

Government and private investigators around the world are racing to unlock the secret of Duqu, with early analysis suggesting that it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.

The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said.

"This one is challenging," said Marty Edwards, director of the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."

He declined to comment on the investigation by authorities in India, but said that his agency was working with counterparts in other countries to learn more about Duqu.

Two employees at Web Werks said officials from India's Department of Information Technology came to their office last week to take hard drives and other parts from a server.   Continued...