Duqu hackers move to Belgium

The hackers behind the latest doomsday virus, Duqu, have apparently moved their command-and-control operations to Belgium.

The nation state, which was the birthplace of the French fry and, according to Douglas Adams, the rudest word in any language, has become the centre of operations for the hackers who developed the new virus.

Hackers have started using a server in Belgium to collect data stolen from machines infected with the Duqu malware, after security experts got its previous command-and-control server, in India, taken offline.

Duqu has governments and security experts in a panic because it could be the next big cyber threat after Stuxnet, the worm believed to have been built to sabotage Iran's nuclear programme.

Symantec said it had identified a Duqu sample configured to report to a specific command-and-control server hosted at Combell, Belgium's largest web-hosting company.

Symantec said it had notified Combell that the server was being used for malicious activity, and the hosting outfit took the server offline yesterday.

Duqu first surfaced two weeks ago when it was spotted by boffins at Hungary's Laboratory of Cryptography and System Security (CrySyS). What worried researchers was that it exploited an unpatched hole in Windows and shared code with Stuxnet. It appears to have been developed to gather intelligence that would lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.

A deep throat within Combell said that the server had been running continuously for about a week and was leased through October 27 next year.

He told Reuters that it looked fishy because somebody controlling the machine appeared to be intentionally deleting data that would log details about its communications. The mail log itself had almost no entries, and the hackers were deleting data so as not to leave traces.

John Bumgarner, chief technology officer of the US Cyber Consequences Unit, said that when the hackers moved their server from India to Belgium they also modified the technique originally used to communicate with computers infected by Duqu, which made it harder for companies to detect infected machines based on the previous communication patterns.
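Bumgarner's point is why indicator lists age badly: a detection keyed to the old server address goes quiet the moment the operators move. The Python below is an added example, not code from the article, from Symantec, or from Duqu itself, and it assumes nothing about Duqu's real protocol. It contrasts a plain indicator match with a server-agnostic check on the timing of outbound requests, run over constructed proxy log lines; the log format, the addresses (RFC 5737 documentation ranges), the paths, the 30-minute polling interval and the function names are all assumptions chosen for illustration.

```python
"""Indicator matching versus beacon-interval detection over constructed proxy logs.

Added example (assumptions, not the article's material): log format, hosts,
paths and the 30-minute interval are invented for illustration.
"""
import statistics
from collections import defaultdict, namedtuple
from datetime import datetime

Record = namedtuple("Record", "ts client dest method path size")

# Stand-in for the indicator a vendor might publish once the first server is
# identified (RFC 5737 documentation address, not a real Duqu host).
KNOWN_C2_SERVERS = {"203.0.113.10"}

# Constructed proxy log: one infected host (10.1.1.25) polling its server every
# 30 minutes, one ordinary user (10.1.1.40) browsing at irregular intervals.
LOG_BEFORE = """\
2011-10-28T09:00:00 10.1.1.25 203.0.113.10 GET /images/a.jpg 1204
2011-10-28T09:00:03 10.1.1.40 www.example.com GET / 5120
2011-10-28T09:00:50 10.1.1.40 www.example.com GET /news 8800
2011-10-28T09:10:50 10.1.1.40 www.example.com GET /about 3100
2011-10-28T09:30:01 10.1.1.25 203.0.113.10 GET /images/a.jpg 1204
2011-10-28T09:50:50 10.1.1.40 www.example.com GET /contact 2900
2011-10-28T10:00:00 10.1.1.25 203.0.113.10 GET /images/a.jpg 1204
2011-10-28T10:29:59 10.1.1.25 203.0.113.10 GET /images/a.jpg 1204
2011-10-28T11:00:00 10.1.1.25 203.0.113.10 GET /images/a.jpg 1204
"""

# Constructed log after the operators move to a new server and change the
# request shape (POST to a different path). The old indicator no longer
# matches anything, but the polling rhythm of the infected host is unchanged.
LOG_AFTER = """\
2011-11-01T09:00:00 10.1.1.25 198.51.100.7 POST /upload 2200
2011-11-01T09:00:12 10.1.1.40 www.example.com GET / 5120
2011-11-01T09:30:00 10.1.1.25 198.51.100.7 POST /upload 2200
2011-11-01T09:45:40 10.1.1.40 www.example.com GET /news 8800
2011-11-01T10:00:01 10.1.1.25 198.51.100.7 POST /upload 2200
2011-11-01T10:30:00 10.1.1.25 198.51.100.7 POST /upload 2200
2011-11-01T11:00:00 10.1.1.25 198.51.100.7 POST /upload 2200
"""


def parse_log(text):
    """Parse whitespace-separated log lines into Record tuples; skip blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, dest, method, path, size = line.split()
        records.append(Record(datetime.fromisoformat(ts), client, dest, method, path, int(size)))
    return records


def indicator_hits(records, iocs):
    """Clients that contacted a destination on the indicator list (brittle check)."""
    return {r.client for r in records if r.dest in iocs}


def beacon_candidates(records, min_events=4, max_cv=0.05):
    """Client/destination pairs whose inter-request gaps are nearly constant.

    Returns {(client, dest): mean gap in seconds}. The coefficient of variation
    (stdev / mean) of the gaps is compared with max_cv; scripted polling sits
    near zero, while human browsing is bursty and scores far above it.
    """
    flows = defaultdict(list)
    for r in records:
        flows[(r.client, r.dest)].append(r.ts)
    found = {}
    for key, times in flows.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:  # duplicate timestamps only; nothing to measure
            continue
        if statistics.pstdev(gaps) / mean <= max_cv:
            found[key] = round(mean)
    return found


if __name__ == "__main__":
    for label, log in (("before move", LOG_BEFORE), ("after move", LOG_AFTER)):
        recs = parse_log(log)
        print(label, "indicator hits:", indicator_hits(recs, KNOWN_C2_SERVERS))
        print(label, "beacon candidates:", beacon_candidates(recs))
```

Run stand-alone, the indicator check names the infected host only in the first log; the timing check names it in both, with the new destination. In a real deployment the timing rule needs an allow-list for legitimately periodic traffic (update checks, monitoring agents), a tolerance for the randomised sleep intervals that operators add precisely to defeat it, and a minimum observation window, so it is one signal to correlate with others rather than a verdict on its own.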