Just a week after authorities in India raided a Mumbai data centre utilizing servers infected by the Duqu virus, the virus was found by Symantec running on servers in Belgium. Symantec informed the owner of those servers, Combell Group, who subsequently shut them down two days later. The attack heightens the sense of alarm among IT security experts who fear that the cyber war is heating up to an almost unmanageable level. What started out as a variation of the now infamous Stuxnet bug has security experts worried that Duqu could be potentially more damaging than anything the industry has yet seen.
According to investigators, when the Indian operations were shut down, the hackers decided to move their server to Belgium instead. They attempted to avoid detection by altering the code so that Duqu communicated with other servers in a different way. Fortunately, they were unsuccessful in this attempt. But security experts warn that whoever is responsible for the Duqu virus will continue to ramp up their efforts to produce malicious code that can't be detected.
Already, sophisticated hackers have found ways to create code that embeds itself in the deepest recesses of a computer network and is able to sign itself so that it appears legitimate. This makes it even harder to detect, and opens the door to heavy network exploitation for at least a couple of days before security experts find it. Furthermore, according to experts, the most widespread use of such code is among organized cyber crime groups. Such groups are looking to steal corporate information as quickly as possible before being detected and shut down.