Duqu Malware’s Developers are Traditional School Programmers, States Kaspersky

Duqu, a sophisticated espionage malware that shares ancestry with Stuxnet, the worm that damaged Iran's nuclear facilities, is probably the work of experienced developers from the "traditional school" of specialized programmers, say security researchers at Kaspersky.

The conclusion follows a public appeal in which Kaspersky asked software developers and researchers worldwide to help identify the programming language used for one portion of the Duqu Trojan. PCs infected with Duqu used this unidentified code to receive commands from the central command-and-control (C&C) servers. Unlike most of the rest of Duqu, it did not appear to rely on C++, and Kaspersky said that Java, Objective C, Lua, Ada, Python and many other languages could be ruled out as well.

The researchers said that security researcher Igor Skochinsky helped fill in the missing pieces when he pointed out that the unknown module resembled object code produced from C source, specifically the object-oriented dialect of C. Shortly afterwards, other contributors concluded that the module had been written in an object-oriented C style, commonly called OO C, with custom extensions.

The choice was probably made because the Duqu authors had little faith in C++ constructors, which in older toolchains suffered from memory-allocation problems that led to indirect execution. In addition, the Duqu developers wanted their malware to build with many compilers, Watcom C++ among them, rather than only the one supplied with Microsoft's Visual Studio suite.

Igor Soumenkov, Security Specialist at Kaspersky, stated that whichever of the two explanations proved right, the implications were remarkable. According to him, the Dynamic Link Library payload carried a 95 Kbyte event-driven module written in OO C, a language with no safe pointers and no automatic memory management. Softpedia.com published this on March 19, 2012.
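To make the OO C idiom described above concrete, the following is an added illustration, not code from Duqu or from Kaspersky's analysis. It shows the pattern the researchers describe: "objects" are plain C structs whose first member points to a hand-written table of function pointers (a manual vtable), construction and destruction are explicit malloc/free calls, and an event loop dispatches through the table. Compiled, this produces object code that looks like C++ virtual dispatch while depending on no C++ runtime, compiler-generated constructors or memory safety, which is what makes it hard to attribute to a language at first sight. All names here (Handler, ThresholdHandler, dispatch_events) are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed example of the OO C idiom: a class is a struct plus a
 * hand-written table of function pointers. Nothing here is Duqu code. */
typedef struct Handler Handler;

/* The "vtable": one function pointer per virtual method. */
typedef struct {
    void (*on_event)(Handler *self, int code);  /* virtual method */
    void (*destroy)(Handler *self);             /* virtual destructor */
} HandlerVTable;

/* Base "class": the vtable pointer is the first field, exactly the layout
 * a C++ compiler would emit for a polymorphic object. */
struct Handler {
    const HandlerVTable *vt;
    int handled;   /* number of events seen */
};

/* Derived "class": embeds the base as its first member, adds state after it. */
typedef struct {
    Handler base;
    int threshold;
    int above;     /* number of events whose code exceeded the threshold */
} ThresholdHandler;

static void threshold_on_event(Handler *self, int code) {
    ThresholdHandler *th = (ThresholdHandler *)self;  /* manual downcast */
    self->handled++;
    if (code > th->threshold)
        th->above++;
}

static void threshold_destroy(Handler *self) {
    free(self);  /* manual memory management: no RAII, no garbage collector */
}

static const HandlerVTable threshold_vtable = {
    threshold_on_event,
    threshold_destroy
};

/* Constructor written by hand: allocate, wire the vtable, initialise fields. */
Handler *threshold_handler_new(int threshold) {
    ThresholdHandler *th = calloc(1, sizeof *th);
    if (th == NULL)
        return NULL;
    th->base.vt = &threshold_vtable;
    th->threshold = threshold;
    return &th->base;
}

/* Event loop: dispatch every event through the object's vtable and return
 * the total number handled. */
int dispatch_events(Handler *h, const int *codes, size_t n) {
    for (size_t i = 0; i < n; i++)
        h->vt->on_event(h, codes[i]);
    return h->handled;
}

int threshold_above(const Handler *h) {
    return ((const ThresholdHandler *)h)->above;
}

/* Runs the whole lifecycle on a constructed event sequence:
 * construct, dispatch, read results, destroy. */
void run_demo(int *handled_out, int *above_out) {
    static const int codes[] = { 1, 20, 5, 30 };  /* constructed sample events */
    Handler *h = threshold_handler_new(10);
    if (h == NULL) {
        *handled_out = -1;
        *above_out = -1;
        return;
    }
    *handled_out = dispatch_events(h, codes, sizeof codes / sizeof codes[0]);
    *above_out = threshold_above(h);
    h->vt->destroy(h);  /* explicit virtual destructor call */
}

int main(void) {
    int handled, above;
    run_demo(&handled, &above);
    printf("handled=%d above=%d\n", handled, above);
    return 0;
}
```

For an analyst, the point is the shape this leaves in a binary: a static table of function pointers, calls made indirectly through the first field of a struct, and explicit allocation and free calls, with none of the constructor, exception or RTTI scaffolding a C++ compiler would normally add. That combination is what made the module look "object-like" without being recognisably C++.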

Soumenkov added that these techniques are usually found in professional software and almost never in modern malware. The way Duqu was developed showed it to be a unique piece of malware, ever more distinct from the many incompetent samples usually seen, he concluded. Computerworld.com published this on March 19, 2012.


SPAMfighter News - 3/28/2012
