Duqu Virus – Researchers at Symantec have found that the virus known as Duqu was configured to communicate with a specific server at a Belgian web hosting company. On Tuesday, Symantec notified Combell Group that one of its servers was being used for malicious activity.
Two days later, Combell shut down that server.
This latest development comes a week after Indian authorities seized servers from a data center in Mumbai belonging to web hosting provider Web Werks. Its server was also communicating with computers infected with Duqu.
Duqu was detected in October and experts believe it may be the precursor to a future Stuxnet-like attack. Duqu shares a lot of the same code with Stuxnet, and its purpose is to gather intelligence data and assets from entities like industrial control system manufacturers.
“We investigated the case,” Combell business development manager Tom Blast told Reuters. “We decided to shut down the server immediately.”
An unnamed Combell employee said that the server had been running continuously for about a week and was leased through the end of October 2012, according to the report.
John Bumgarner, chief technology officer of the US Cyber Consequences Unit, said that when the hackers moved their server from India to Belgium, they modified the original technique used to communicate with computers infected by Duqu.
Many experts believe that Stuxnet has changed the nature of cyberwarfare in that viruses, like Duqu, are more broad and complex than ever.