Duqu Framework’s Mystery Language Identified As Custom C


When Kaspersky Labs revealed its analysis of the Duqu Trojan earlier this month, its researchers were stumped by a block of code that appeared to be written in a previously unseen programming language. With the help of the internet, Kaspersky has identified the code, not as a new computer language but rather an old one.

The block of code in question allowed the Duqu Trojan to communicate with its home server and receive updated instructions once it had infiltrated a system. This block of code was dubbed the Duqu Framework. Kaspersky Labs published the block of code and requested suggestions as to what it was from the online security community.

One week and more than 200 replies later, the mystery has been solved. Kaspersky is very confident that the Duqu Framework is written in a custom object-oriented C framework and compiled with MSVC 2008 with two options activated: minimise size and expand only inline.

The practice is likely either because the developers distrust C++ compilers (which used to be much less reliable and often suffered memory-allocation problems) or because the program was designed to run on a variety of compilers beyond the normal MSVC compiler.

The hackers’ preference for C suggests that they are “experienced, ‘old-school’ developers,” according to Igor Soumenkov of Kaspersky. [Secure List]
