Authorities in India are investigating a computer server in Mumbai for links to the Duqu malicious software that some security experts warned could be the next big cyber threat.
Web Werks, a Mumbai-based Web-hosting company, said it had given an image of the suspicious virtual private server to officials from the Indian Computer Emergency Response Team (CERT-In), after security firm Symantec Corp found the server was communicating with computers infected with the Duqu virus.
The virtual private server was leased to a client in Milan, Italy, according to Nikhil Rathi, founder of Web Werks.
“This is an unmanaged server. So, you just make it and let the customer access it,” he said. “When you hand over a server to a customer, that’s it, it’s his. He can change his password and do whatever he wants with it.”
News of Duqu first surfaced last week when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran’s nuclear program.
Government and private investigators around the world are racing to unlock the secret of Duqu, with early analysis suggesting that it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.
The image from Web Werks might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said.