Duqu aka Stuxnet 2.0 Trojan has unknown programming language!! Kaspersky asks help of programmers
This code, which is the payload, seems to have been coded using an unknown programming language
According to Kaspersky, which is analysing the malware Duqu (also known as Stuxnet 2.0 by some), the payload DLL, which communicates with the Command and Control (C&C) server, seems to have been written in a coding language never seen before.
Some parts of it, including those for downloading and executing additional modules, were written in standard C++, but a big chunk of it was not. This particular section contains no references to any standard or user-written C++ functions, and may have been created by a different programming team. Kaspersky says many parts of Duqu are directly borrowed from Stuxnet, but this one is new. The company has named it the Duqu Framework and has noted that it is not written in C++, Objective C, Java, Python, Ada, Lua and many other languages it checked. Unlike the rest of Duqu, it also wasn’t compiled with Microsoft’s Visual C++ 2008. All they know is that it is object-oriented.
The sophistication of the worm, together with the fact that it uses an entirely new programming language, has made Kaspersky think that there are some deep pockets backing the project. Kaspersky CEO Eugene Kaspersky supports this on Twitter by saying,
Here is what Kaspersky was able to conclude in its analysis:
• The Duqu Framework appears to have been written in an unknown programming language.
• Unlike the rest of the Duqu body, it’s not C++ and it’s not compiled with Microsoft’s Visual C++ 2008.
• The highly event driven architecture points to code which was designed to be used in pretty much any kind of conditions, including asynchronous commutations.
• Given the size of the Duqu project, it is possible that another team was responsible for the framework than the team which created the drivers and wrote the system infection and exploits.
• The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked.
• Compared to Stuxnet (entirely written in MSVC++), this is one of the defining particularities of the Duqu framework.
Kaspersky Lab Expert Igor Soumenkov blogs,
“After having performed countless hours of analysis, we are 100% confident that the Duqu Framework was not programmed with Visual C++,”
“It is possible that its authors used an in-house framework to generate intermediary C code, or they used another completely different programming language. We would like to make an appeal to the programming community and ask anyone who recognizes the framework, toolkit or the programming language that can generate similar code constructions, to contact us or drop us a comment in this blogpost. We are confident that with your help we can solve this deep mystery in the Duqu story.”
So Kaspersky is asking programmers to throw some light on it. You can check the blog link below to get more details on Duqu, and you might even help them decode it.
Kaspersky also notes that like Stuxnet, Duqu is highly targeted and related to Iran’s nuclear program.
Source: ZDNet blog