Kaspersky researchers ask programming community for help deciphering the code
Researchers at Kaspersky have reached out for assistance after an investigation into the Duqu Trojan uncovered a section that is written in an unknown programming language.
Believed to be authored by the developers of the Stuxnet malware, traces of Duqu were found as far back as 2007. It gained notoriety after several attacks on Iranian organisations, stealing corporate and operational information.
The mystery section was found in the Payload DLL, which communicates with the Trojan’s Command and Control (C&C) servers once a machine is infected. Kaspersky’s researchers have dubbed it the “Duqu Framework” and have suggested that the language used may have been solely developed for the specific malware.
While the majority of Duqu is written in C++, the Framework is not, nor was it compiled with Microsoft’s Visual C++ 2008. Other languages ruled out include Python, Java, Objective C, Ada and Lua.
“Given the size of the Duqu project, it’s possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits,” said Alexander Gostev, chief security expert at Kaspersky Lab, in a statement.
“With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.”
Kaspersky suggests that the developers were highly skilled and likely had significant financial and labour backing. Details of its findings so far are documented in a blog post written by Kaspersky Lab expert Igor Soumenkov, who urges the programming community to help decipher the unknown language.