India shuts server linked to Duqu computer virus. By Jim Finkle and Supantha Mukherjee (Reuters) - Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat.
Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu. News of Duqu first surfaced last week when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.
The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. Stuxnet Computer Worm’s Creators May Be Active Again. Stuxnet, which infected tens of thousands of computers in 155 countries last year, created an international sensation when experts reported that it was designed as an American-Israeli project to sabotage Siemens Corporation computers used in uranium enrichment at the Natanz site.
The researchers say the new malicious program, which they call Duqu, is intended to steal digital information that may be needed to mount another Stuxnet-like attack. The researchers, at Symantec, announced the discovery on the company’s Web site on Tuesday, saying they had determined that the new program was written by programmers who must have had access to Stuxnet’s source code, the original programming instructions. “Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” the Symantec researchers said.
Mr. Stuxnet Variant Duqu Found Spying On European Industry. Prelude To CyberWar? We’ve heard about the malware Stuxnet being responsible for single handedly shutting down the Iranian nuclear program .
Now a variant of Stuxnet has been found in undisclosed European industrial sites. Duqu, Stuxnet and the World of Cyber Espionage. In 2010, the Stuxnet malware gained global notoriety as a weapon of cyberwar against Iran.
A new derivative of Stuxnet, dubbed "Duqu" is now making the rounds, though its purpose and target are not yet known. In a keynote session at the SecTOR conference in Toronto this week, F-Secure security researcher Mikko Hypponen detailed his views on Duqu and the world of online espionage noting that it is very clear to him Duqu is not only based on Stuxnet, but was also written by the same people. The Day of the Golden Jackal – The Next Tale in the Stuxnet Files: Duqu. Stuxnet was possibly the most complex attack of this decade, and we expected that similar attacks would appear in the near future.
One thing for sure is that the Stuxnet team is still active–as recent evidence has revealed. McAfee Labs received a kit from an independent team of researchers that is closely related to the original Stuxnet worm, but with a different goal–to be used for espionage and targeted attacks against sites such as Certificate Authorities (CAs). How do we know it was the Stuxnet team? To start with, the attacks are targeting CAs in regions occupied by “Canis Aureus,” the Golden Jackal, to execute professional targeted attacks against sites such as small CAs, industry systems, and others.
The Mystery of Duqu: Part One. First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident.
To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here (at a minimum) - the main module and a keylogger. New Malware Brings Cyberwar One Step Closer. A newly discovered piece of malicious code dubbed Duqu is closely related to the notorious Stuxnet worm that damaged Iran’s nuclear-enrichment centrifuges last year.
Although it has no known target or author, it sets the stage for more industrial and cyberwar attacks, experts say. “This is definitely a troubling development on a number of levels,” says Ronald Deibert, director of Citizen Lab, an Internet think-tank at the University of Toronto who leads research on cyberwarfare, censorship, and espionage. “In the context of the militarization of cyberspace, policymakers around the world should be concerned.” Indeed, the spread of such code could be destabilizing. The Pentagon’s cyberwar strategy, for example, makes clear that computer attacks on industrial and civilian infrastructure like chemical factories or power grids as well as military networks could be regarded as equivalent to a conventional bombing or other attack, if civilians were endangered.
Researchers warn of new Stuxnet worm. 19 October 2011Last updated at 13:25 Stuxnet seems to have been designed to target uranium enrichment systems Researchers have found evidence that the Stuxnet worm, which alarmed governments around the world, could be about to regenerate.
Stuxnet was a highly complex piece of malware created to spy on and disrupt Iran's nuclear programme. No-one has identified the worm authors but the finger of suspicion fell on the Israeli and US governments. The new threat, Duqu, is, according to those who discovered it, "a precursor to a future Stuxnet-like attack". Its discovery was made public by security firm Symantec, which in turn was alerted to the threat by one of its customers. The worm was named Duqu because it creates files with the prefix DQ. Symantec looked at samples of the threat gathered from computer systems located in Europe. "Unlike Stuxnet, Duqu does not contain any code related to industrial control systems and does not self-replicate," Symantec said in its blog.