'Duqu trojan is partly written in unknown programming language'

Kaspersky Lab has found, after an analysis of the Duqu trojan, that one of its components appears to be written in a hitherto unknown programming language. The Russian security firm is asking programmers for help.

The Duqu trojan, which specializes in installing a backdoor on infected systems, is largely identical in code to Stuxnet, the malware that tried to sabotage the SCADA systems of Iran's nuclear program. After a thorough analysis of the code, Kaspersky Lab concludes that the part that makes contact with a command-and-control server, the payload DLL, is written in an unknown programming language, while the other components consist of C++ code built with the Microsoft Visual C++ 2008 compiler. Kaspersky rules out that the 'mysterious' Duqu component was written in Python, Java, Objective-C, Ada or Lua.

According to the Russian malware researchers, it is possible that the Duqu programmers built a framework that compiles their own C code with a custom compiler, or that a hitherto unknown language was developed. The 'Duqu framework' also turns out to be very versatile in its capabilities. For example, the module in question can contact the C&C servers in several ways: via HTTP, via proxy servers and via raw network sockets. The module can also handle HTTP requests from the server, and it is able to send out captured information or inject new malware code into other Duqu-infected systems within a network.

Given the evidence that the builders of the Duqu malware developed a proprietary language, it does not seem inconceivable that the programmers are not only highly skilled but probably also have extensive financial resources. Kaspersky does not rule out that the C&C module was written by a different team and only later added to the other Duqu components. To solve the 'mystery' around the C&C module, Kaspersky Lab is asking the development community for help.

