SECURITY OUTFIT Kaspersky Lab claims that part of the Duqu Trojan was written in a bespoke programming language.
Kaspersky claims that, unlike the rest of the Duqu Trojan, which is written in C++, part of the code in the payload dynamic link library is written in an as yet unidentified programming language. According to Kaspersky, that code is not C++ and was not compiled with Microsoft's Visual C++; however, the language is object-oriented.
Kaspersky confirms the language has "related activities that are suitable for network applications", meaning that it has some level of access to a network adaptor, though the firm didn't say what sort of low-level access. The Duqu Trojan uses command and control servers on the internet to operate, meaning that some level of network connectivity is a must.
Alexander Gostev, chief security expert at Kaspersky Lab, said, "With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C and Cs [command and control servers], but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program."
While Kaspersky was unable to identify the programming language used, its analysis shows that the programmers went to great lengths to create an object-oriented programming language and an associated compiler for the Duqu Trojan. Given the apparent complexity of such a task, this gives further credence to claims that the Duqu Trojan, which has mainly affected Iranian systems, was designed and written by more than just some lone cheeky chap looking to cause random disruption. µ