India Seizes Equipment Linked to Duqu Attack

Officials in India have seized components from a server as part of an investigation into the Duqu Trojan, according to a report.

Officials in India have seized components from a server as part of an investigation into the Duqu Trojan, according to a report.

According to Reuters, two workers at Web Werks, a web hosting company based in Mumbai, said the country’s Department of Information Technology took the equipment after security vendor Symantec reported the server was communicating with computers infected with Duqu. First publicized earlier this month, Duqu gained widespread attention due to its similarities with the infamous Stuxnet worm.

In their analysis of the malware, researchers at Symantec have contended that Duqu may have been developed to gather information to lay the groundwork for a Stuxnet-style attack on critical infrastructure. While it doesn’t contain code specifically targeting industrial control systems, Duqu does have elements in common with Stuxnet. For example, Dell SecureWorks’ Counter Threat Unit noted that the kernel drivers for Duqu and Stuxnet utilize many similar techniques in the name of stealth and encryption, such as a rootkit for concealing files. Those techniques however are not unique to either Stuxnet or Duqu, according to the Dell SecureWorks’ team.

Thus far, security vendors have observed Duqu infections in a number of countries, including Iran and Sudan. The purpose of the malware however remains unclear.

Marty Edwards, director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, told Reuters his agency is working with its counterparts in other countries to uncover more information about the attack.

“This one is challenging,” Edwards said in an interview with Reuters. “It’s a very complex piece of software.”

For the full report, click here for the Reuters article.

Suggested articles

Discussion

  • Luis Santana on

    With the cyberwar buzzword floating around I'm sure we'll see more and more of these sorts of attacks in vectors we rarely would bother acknowledging and instead chalking up to hackers being hackers.


    When Blaster or Sasser or myDoom spread around wreaking havock no one bothered to think, "man, maybe this thing is going around hitting specific systems." we just took it for what it was, a worm going around messing with systems.

  • Whevyrenee on

    must check online shopping for promotion code

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.