
Posted on Mar 9, 2012 in Infosec, Malware

Duqu aka Stuxnet 2.0 Trojan uses an unknown programming language!! Kaspersky asks programmers for help

This code, part of the payload, seems to have been written in an unknown programming language.

According to Kaspersky, which is analysing the Duqu malware (also known as Stuxnet 2.0), the payload DLL that communicates with the Command and Control (C&C) server seems to have been written in a coding language never seen before.

Some parts of it, including those for downloading and executing additional modules, were written in standard C++, but a big chunk of it was not. That section contains no references to any standard or user-written C++ functions and may have been created by a different programming team. Kaspersky says many parts of Duqu are directly borrowed from Stuxnet, but this one is new. The company has named it the Duqu Framework and notes that it is not written in C++, Objective C, Java, Python, Ada, Lua or the many other languages it checked. Unlike the rest of Duqu, it also wasn't compiled with Microsoft's Visual C++ 2008. All they know is that it is object-oriented.

The sophistication of the worm, together with the fact that it uses an entirely new programming language, has led Kaspersky to think that deep pockets are backing the project. Kaspersky CEO Eugene Kaspersky supported this on Twitter, saying:

The mystery of #Duqu framework <- seems the state behind #Duqu sponsored the development of a new progr language
— Eugene Kaspersky (@e_kaspersky) March 7, 2012

Here is what Kaspersky was able to conclude in its analysis:

The Duqu Framework appears to have been written in an unknown programming language.
Unlike the rest of the Duqu body, it’s not C++ and it’s not compiled with Microsoft’s Visual C++ 2008.
The highly event driven architecture points to code which was designed to be used in pretty much any kind of conditions, including asynchronous communications.
Given the size of the Duqu project, it is possible that another team was responsible for the framework than the team which created the drivers and wrote the system infection and exploits.
The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked.
Compared to Stuxnet (entirely written in MSVC++), this is one of the defining particularities of the Duqu framework.
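One of the checks behind a conclusion such as "not compiled with Visual C++ 2008" is compiler fingerprinting of the binary itself. As an added example, not code from the original post or from Kaspersky's analysis, the Python below reads the linker version that Microsoft's link.exe records in the PE optional header and maps it to a Visual C++ release; the version table and the build_sample_pe helper, which constructs a minimal PE header purely for testing, are assumptions of this example rather than data from the page. The linker field is only a first, easily altered hint: analysts also look at the Rich header, runtime-library signatures and, as Kaspersky did here, the code constructs the compiler emits.

```python
import struct

# Linker versions written by Microsoft's link.exe into the PE optional header.
# Assumption for this example: the mapping covers only the releases listed here.
MSVC_LINKER_VERSIONS = {
    (6, 0): "Visual C++ 6.0",
    (7, 0): "Visual C++ .NET 2002",
    (7, 10): "Visual C++ .NET 2003",
    (8, 0): "Visual C++ 2005",
    (9, 0): "Visual C++ 2008",
    (10, 0): "Visual C++ 2010",
}


def pe_linker_version(data: bytes):
    """Return (major, minor) linker version from a PE image's optional header.

    Layout: DOS header starts with 'MZ' and holds e_lfanew at offset 0x3C;
    e_lfanew points at 'PE\\0\\0', followed by the 20-byte COFF file header and
    then the optional header, whose first fields are Magic (2 bytes),
    MajorLinkerVersion (1 byte) and MinorLinkerVersion (1 byte).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # SizeOfOptionalHeader sits at offset 16 of the COFF header.
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    if size_of_optional < 4:
        raise ValueError("optional header missing")
    opt = coff + 20
    magic, major, minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%X" % magic)
    return major, minor


def describe_linker(data: bytes) -> str:
    """Map the linker version to a Visual C++ release name, if known."""
    ver = pe_linker_version(data)
    return MSVC_LINKER_VERSIONS.get(ver, "unrecognised linker %d.%d" % ver)


def build_sample_pe(major: int, minor: int) -> bytes:
    """Constructed sample: a minimal, non-loadable PE header for testing only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> right after DOS header
    # COFF header: Machine=i386, 1 section, no symbols, 0xE0-byte optional header,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = struct.pack("<HBB", 0x10B, major, minor) + bytes(0xE0 - 4)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for ver in [(9, 0), (10, 0), (2, 25)]:
        sample = build_sample_pe(*ver)
        print("%d.%d -> %s" % (ver[0], ver[1], describe_linker(sample)))
```

Run against a real file with `describe_linker(open(path, "rb").read())`; a version the table does not know is reported rather than guessed, since an unfamiliar or zeroed linker version is exactly the kind of signal that would prompt the deeper analysis described above.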

Kaspersky Lab expert Igor Soumenkov blogs:

“After having performed countless hours of analysis, we are 100% confident that the Duqu Framework was not programmed with Visual C++,”

“It is possible that its authors used an in-house framework to generate intermediary C code, or they used another completely different programming language. We would like to make an appeal to the programming community and ask anyone who recognizes the framework, toolkit or the programming language that can generate similar code constructions, to contact us or drop us a comment in this blog post. We are confident that with your help we can solve this deep mystery in the Duqu story.”

So Kaspersky is asking programmers to shed some light on it. You can check the blog link below for more details on Duqu, and you might even help them decode it.

Kaspersky also notes that like Stuxnet, Duqu is highly targeted and related to Iran’s nuclear program.

Source: ZDNet blog

Indiandragon, though a Developer, Hacker and Researcher by profession, also writes on Movies, Sports and Entertainment in News@Indiandragon. He specialises in Technology, Defence and Information Security.