Whoever Wrote The Duqu Trojan's Framework Wrote It In An Unknown Programming Language

The Duqu Trojan is one nasty piece of code, rivaled in sophistication only by its relative, the Stuxnet Worm. A new analysis of the Trojan, however, has revealed just how advanced it really is.

Russian security firm Kaspersky Lab performed the analysis and discovered that portions of the the suspiciously-named Payload DLL file were written in an unknown programming language. What's more, these sections, dubbed the Duqu Framework, were responsible for operating the program's Command and Control functions that allow it to receive further instructions once it's infiltrated a system.

The rest of the program is written and compiled in C++, but not the Duqu Framework. It "is definitely object-oriented," wrote Igor Soumenkov but certainly not anything the analysts had ever seen before.

This discovery only further fuels speculation that both Duqu and Stuxnet are the results of a very advanced, very well-funded organization's or, more likely, nation's efforts. As Alexander Gostev, chief security expert at Kaspersky Lab, speculated,

With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.

Duqu first surfaced last September after the Stuxnet attacks against Iranian nuclear development facilities. Duqu appeared to target state interests in Iran as well as multiple industrial control systems. [Secure List via CBR]



    They probably just coded the assembly directly.

    Programming is cheap. Trojans are cheap. While I don't doubt this is a state endeavour there isn't a country on the planet that couldn't afford to do this. Heck any AAA game company would have the resources to write something like this, just no reason to do so (Unless you want to be REALLY paranoid)

    A couple of dozen programmers and the will to use them would be all you need, maybe not even that if you have a gun you don't mind burning out

      An investigation into the price points and the overall cost of achieving something like this would be an interesting read. Similar to the cost of funding your own private war (Black Water etc) articles.

    What a a crock of a story foundation.

    Choosing (or developing) one high-level language over another has no impact whatsoever on the capability or security of the binaries in the medium to lonng term. It may bloat or obfuscate some code structures from inefficient compilation structures, but that seems rather poiuntless for malware to be larger than it needs to be.. !

    While there is merit to the idea of developing a language suite optimised for nefarious activities, the effort would become a waste of time once the signatures of that suite become identifiable to AV researchers.

    As one pointer posted out, coding in assembler might give you some short term advantages for espionage activities, but once again the truth reveals that the coder simply has too much spare time on his hands.

    Based on the above suggestions, that narrows the likely host nations down to two or three with the resources and clumsiness to attempt such a folly.

    Could have been written by one person. Could have been sent back in time. Could I have a sandwich?

      A no, a no, a yeeeeees!

Join the discussion!

Trending Stories Right Now