Strange ‘Duqu’ Code Puzzles Kaspersky’s Researchers
Security researchers at Kaspersky Lab studying the Duqu malicious program were stumped when they found code in it written in a programming language they could not identify, prompting them to appeal to the public and ask anyone capable of identifying it to assist them as soon as possible.
The security company's analysis of Duqu already indicates that its creators are probably the same people who wrote Stuxnet, since the platforms used to develop both pieces of malware were found to be similar. In their latest study, however, security researchers Costin Raiu and Igor Soumenkov found code that was not written in any previously known programming language.
Once Duqu infects a computer, it contacts a command-and-control (C&C) server using a DLL (dynamic link library). This DLL is for the most part written in the very familiar C++ language; however, the part used for actually communicating with the C&C server is not. Kaspersky calls this part the Duqu Framework, and it initially left the researchers baffled.
Moreover, according to Soumenkov, the Duqu Framework differs from the rest of the code in that it was not produced from C++ source. This piece contains no reference to any standard or user-written C++ utility, yet it clearly has a defined purpose, he said. Computerworld.com published this on March 8, 2012.
Another interesting aspect of the framework, the security company reveals, is that it is heavily event-oriented throughout the code.
After a very time-consuming analysis, the researchers said they were fully certain that Visual C++ was not used to program the Duqu Framework. The Framework's authors probably used an in-house framework to generate intermediate C code, or else an entirely separate programming language, they added.
Besides C++, other languages that were certainly not used to program it include Java, Python, Objective C, Lua, Ada, etc.
Kaspersky also discussed the framework with other specialists, yet still could not find an answer to the mystery. Vitaly Kamluk, Chief Malware Specialist with the Global Research & Analysis Group at Kaspersky Lab, commented that it appeared totally strange.
» SPAMfighter News - 15-03-2012