Indian authorities have seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat.
News of Duqu first surfaced last week when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.
Government and private investigators around the world are racing to unlock the secret of Duqu, with early analysis suggesting that it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.
Stuxnet is malicious software designed to target widely used industrial control systems built by Germany's Siemens (SIEGn.DE). It is believed to have crippled centrifuges that Iran uses to enrich uranium for what the United States and some European nations have charged is a covert nuclear weapons program. Duqu appears to be more narrowly targeted than Stuxnet, as researchers estimate the new Trojan virus has infected at most dozens of machines so far.
Duqu is so named because it creates files with DQ in the prefix. It was designed to steal secrets from the computers it infects, such as design documents from makers of highly sophisticated valves, motors, pipes and switches, researchers said.
Security firms, including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec, said they had found Duqu victims in Europe, Iran, Sudan and the United States. However, they declined to provide victims' identities.
Experts suspect that information is being gathered for use in developing future cyber weapons that would target the control systems of critical infrastructure. The hackers behind Duqu are unknown, but their sophistication suggests they are backed by a government.