Information Security News mailing list archives

Duqu espionage malware authored by "old-school" developers


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 20 Mar 2012 03:08:06 -0500 (CDT)

http://arstechnica.com/business/news/2012/03/duqu-espionage-malware-authored-by-old-school-developers.ars

By Dan Goodin
March 19, 2012
Ars Technica

A sophisticated piece of espionage malware with ties to the Stuxnet worm used to disrupt Iran's nuclear program was probably authored by an experienced team of "old school" professional developers, researchers from antivirus provider Kaspersky said.

They drew that conclusion after seeking the help of researchers and software developers around the world in identifying the programming language used to develop one part of the Duqu malware. Systems infected with Duqu used the mystery module to receive instructions from command-and-control servers. It didn't rely on C++ as most of the other Duqu modules did, and the Kaspersky researchers were also able to rule out the use of Objective C, Java, Python, Ada, Lua and several other languages.

In the weeks following the request for help, the Kaspersky researchers received more than 200 blog comments and more than 60 e-mails that helped fill in the blanks. Among them were comments included in this post on Reddit by someone identified as Igor Skochinsky who said the mystery code looked similar to that derived from object-oriented frameworks for the C programming language. Other readers soon concluded it was generated from a custom object-oriented C dialect that is usually referred to as OO C.

The most likely reason for the choice was the Duqu developers' mistrust of C++ compilers, which in older days often suffered from memory-allocation problems that caused indirect execution. The malware authors also seemed to be influenced by the desire for their code to work with multiple compilers, including Watcom C++ rather than just the one provided in Microsoft's Visual Studio package.
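What an "OO C" framework looks like in source, as an added illustration (hand-written for this page, not Duqu code and not Kaspersky's): each "class" is a struct whose first member points to a static table of function pointers, constructors install that table, and callers dispatch through it. The `Shape`, `Rect` and `Circle` types and their functions are hypothetical names chosen for the example. The code uses only C89 features, which is the property that lets the same source build under several compilers.

```c
/* Added example: the vtable-in-plain-C idiom commonly called "OO C".
 * Illustrative only; the class names below are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct Shape;

/* "Virtual method table": one static struct of function pointers per class.
 * In a compiled binary this appears as a pointer, stored at offset 0 of every
 * object, to a read-only table of code addresses. */
struct ShapeVtbl {
    double (*area)(const struct Shape *self);
    const char *(*name)(const struct Shape *self);
};

/* Base "class": nothing but the vtable pointer. */
struct Shape {
    const struct ShapeVtbl *vtbl;
};

/* Derived "classes" embed the base as their first member, so a pointer to the
 * derived object is also a valid pointer to the base (single inheritance). */
struct Rect   { struct Shape base; double w, h; };
struct Circle { struct Shape base; double r; };

/* Method implementations: each downcasts self to its own class. */
static double rect_area(const struct Shape *s) {
    const struct Rect *r = (const struct Rect *)s;
    return r->w * r->h;
}
static const char *rect_name(const struct Shape *s) { (void)s; return "rect"; }

static double circle_area(const struct Shape *s) {
    const struct Circle *c = (const struct Circle *)s;
    return 3.14159265358979 * c->r * c->r;
}
static const char *circle_name(const struct Shape *s) { (void)s; return "circle"; }

/* One table per class; constructors install it into the object. */
static const struct ShapeVtbl rect_vtbl   = { rect_area,   rect_name };
static const struct ShapeVtbl circle_vtbl = { circle_area, circle_name };

void rect_init(struct Rect *r, double w, double h) {
    r->base.vtbl = &rect_vtbl; r->w = w; r->h = h;
}
void circle_init(struct Circle *c, double r) {
    c->base.vtbl = &circle_vtbl; c->r = r;
}

/* Polymorphic calls: callers see only the base and dispatch via the table. */
double shape_area(const struct Shape *s)      { return s->vtbl->area(s); }
const char *shape_name(const struct Shape *s) { return s->vtbl->name(s); }

/* Sum the areas of a heterogeneous array of shapes through the vtables. */
double total_area(const struct Shape *const *shapes, size_t n) {
    double sum = 0.0;
    size_t i;
    for (i = 0; i < n; i++) sum += shape_area(shapes[i]);
    return sum;
}

/* Constructed demo input: a 2x3 rectangle and a unit circle (6 + pi). */
double demo_total_area(void) {
    struct Rect r; struct Circle c;
    const struct Shape *list[2];
    rect_init(&r, 2.0, 3.0);
    circle_init(&c, 1.0);
    list[0] = &r.base; list[1] = &c.base;
    return total_area(list, 2);
}

/* Returns 1 if dispatch reaches the right class for each object. */
int demo_dispatch_ok(void) {
    struct Rect r; struct Circle c;
    rect_init(&r, 1.0, 1.0);
    circle_init(&c, 1.0);
    return strcmp(shape_name(&r.base), "rect") == 0 &&
           strcmp(shape_name(&c.base), "circle") == 0;
}

int main(void) {
    printf("dispatch ok=%d total=%.4f\n", demo_dispatch_ok(), demo_total_area());
    return 0;
}
```

Because the table is a fixed, read-only array of function pointers and every object begins with a pointer to it, the pattern is recognizable in disassembly even without symbols, which is what made it possible for outside readers to identify the style of the module from the compiled code alone.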

[...]
