Strange ‘Duqu’ Code Puzzles Kaspersky’s Researchers

Security researchers at Kaspersky Lab were stumped while studying the Duqu malicious program when they found code in it written in a programming language they could not identify. This prompted them to call on the public and ask anybody capable of identifying it to assist them as soon as possible.

The security company's analysis of Duqu already indicates that its creators are probably the same people who wrote Stuxnet, since similar platforms were used to develop both pieces of malware. But in their latest study, security researchers Costin Raiu and Igor Soumenkov found code that was not written in any previously known programming language.

Once Duqu infects a computer, it contacts a central command-and-control (C&C) server by using a DLL (dynamic link library). This DLL is for the most part written in the very familiar C++ language; however, the part that actually communicates with the C&C server is not. Kaspersky calls this part the Duqu Framework, and it initially baffled the researchers.

Moreover, according to Soumenkov, the Duqu Framework differs from the rest of the code in that it was not generated from C++ source. This piece contains no reference to any standard or user-written C++ utility, yet it certainly has a defined objective, he observes. Computerworld.com published this on March 8, 2012.

Another interesting aspect of the framework, the security company reveals, is that it is extensively event-oriented throughout the code.

After a very time-consuming analysis, the researchers said they were wholly sure that the Visual C++ language was not used to program the Duqu Framework. The Framework's writers probably used an in-house framework to produce intermediary C code, or else a wholly separate programming language, they added.

Alongside C++, other languages that certainly were not used for the programming include Java, Python, Objective C, Lua, Ada, etc.

Kaspersky also discussed the framework with other specialists, yet could not find an answer to the mystery. Vitaly Kamluk, Chief Malware Specialist with the Global Research & Analysis Group at Kaspersky Lab, commented that it appeared totally strange.

» SPAMfighter News - 15-03-2012
