Duqu hackers shift to Belgium after India raid

By Jim Finkle

(Reuters) - Hackers used a server in Belgium to collect data stolen from machines infected with the Duqu computer virus, after authorities shut down another rogue collection system in India, according to security experts.

Governments and security experts around the globe are working to unlock the secrets of the elusive malware, which some say could be the next big cyber threat after the Stuxnet virus that was believed to have infected Iran's nuclear program.

Researchers at Symantec Corp said they had identified a sample of Duqu that was configured to communicate with a specific server at Combell Group, Belgium's largest Web-hosting company.

Hackers frequently use or lease servers at data centers to manage their malicious activities, without the knowledge of the data center operator. Symantec said in a report on its website on Tuesday that it had notified Combell that the server was being used for malicious activity.

Combell Group said it shut down that server on Thursday in response to a query about the matter from Reuters.

"We investigated the case," Combell Business Development Manager Tom Blast told Reuters. "We decided to shut down the server immediately."

News of Duqu first surfaced two weeks ago after researchers at Hungary's Laboratory of Cryptography and System Security found a computer virus that contained code similar to Stuxnet. Early analysis suggested Duqu was developed by hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.

Indian authorities last month seized computer equipment from a data center in Mumbai, after Symantec reported that one of its servers was communicating with computers infected with Duqu.   Continued...