http://arstechnica.com/business/news/2012/03/duqu-espionage-malware-authored-by-old-school-developers.ars
By Dan Goodin, March 19, 2012, Ars Technica

A sophisticated piece of espionage malware with ties to the Stuxnet worm used to disrupt Iran's nuclear program was probably authored by an experienced team of "old school" professional developers, researchers from antivirus provider Kaspersky said.

They drew that conclusion after seeking the help of researchers and software developers around the world in identifying the programming language used to develop one part of the Duqu malware. Systems infected with Duqu used the mystery module to receive instructions from command-and-control servers. It didn't rely on C++ as most of the other Duqu modules did, and the Kaspersky researchers were also able to rule out the use of Objective-C, Java, Python, Ada, Lua and several other languages.

In the weeks following the request for help, the Kaspersky researchers received more than 200 blog comments and more than 60 e-mails that helped fill in the blanks. Among them were comments included in a post on Reddit by someone identified as Igor Skochinsky, who said the mystery code looked similar to code derived from object-oriented frameworks for the C programming language. Other readers soon concluded it was generated from a custom object-oriented C dialect that is usually referred to as OO C.

The most likely reason for the choice was the Duqu developers' mistrust of C++ compilers, which in older days often suffered from memory-allocation problems that caused indirect execution. The malware authors also seemed to be influenced by the desire for their code to work with multiple compilers, including Watcom C++, rather than just the one provided in Microsoft's Visual Studio package.

[...]

Received on Tue Mar 20 2012 - 01:08:06 PDT
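The article does not show what "object-oriented C" looks like, so the following is an added illustration of the idiom such frameworks produce, not Duqu's code and not anything Kaspersky published. The class names (Shape, Rect, Square) and method set are hypothetical. The point for an analyst is the shape this leaves in a binary: every object starts with a pointer to a table of function pointers, a "constructor" allocates the object and stores that table address at offset 0, and every method call becomes an indirect call through the table, which is the pattern that led readers to suspect an OO C framework rather than compiler-generated C++.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical OO C class hierarchy (illustration only, not Duqu's framework). */
typedef struct Shape Shape;

/* "vtable": a table of function pointers shared by all instances of a class. */
typedef struct ShapeVtbl {
    int         (*area)(const Shape *self);
    const char *(*name)(const Shape *self);
    void        (*destroy)(Shape *self);
} ShapeVtbl;

/* Base "class": the vtable pointer is the first field, so a method call
   disassembles as load [obj], load [table+off], call reg. */
struct Shape {
    const ShapeVtbl *vtbl;
};

/* "Derived" classes inherit by embedding the base struct as their first member. */
typedef struct Rect   { Shape base; int w, h; } Rect;
typedef struct Square { Rect  base; } Square;

static int rect_area(const Shape *s)
{
    const Rect *r = (const Rect *)s;   /* safe: Shape is Rect's first member */
    return r->w * r->h;
}
static const char *rect_name(const Shape *s)   { (void)s; return "rect"; }
static const char *square_name(const Shape *s) { (void)s; return "square"; }
static void shape_destroy(Shape *s)            { free(s); }

/* One static table per class; Square overrides only name(). */
static const ShapeVtbl rect_vtbl   = { rect_area, rect_name,   shape_destroy };
static const ShapeVtbl square_vtbl = { rect_area, square_name, shape_destroy };

/* "Constructors": allocate, install the class table at offset 0, init fields. */
Shape *rect_new(int w, int h)
{
    Rect *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    r->base.vtbl = &rect_vtbl;
    r->w = w;
    r->h = h;
    return &r->base;
}

Shape *square_new(int side)
{
    Square *q = calloc(1, sizeof *q);
    if (!q) return NULL;
    q->base.base.vtbl = &square_vtbl;
    q->base.w = q->base.h = side;
    return &q->base.base;
}

/* "Virtual" dispatch: the caller never knows the concrete class. */
int         shape_area(const Shape *s) { return s->vtbl->area(s); }
const char *shape_name(const Shape *s) { return s->vtbl->name(s); }
void        shape_delete(Shape *s)     { if (s) s->vtbl->destroy(s); }

/* Walks a heterogeneous array through the base interface only. */
int total_area(Shape **shapes, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += shape_area(shapes[i]);
    return total;
}

int main(void)
{
    Shape *shapes[2] = { rect_new(3, 4), square_new(5) };
    for (size_t i = 0; i < 2; i++)
        printf("%s: area %d\n", shape_name(shapes[i]), shape_area(shapes[i]));
    printf("total: %d\n", total_area(shapes, 2));
    for (size_t i = 0; i < 2; i++)
        shape_delete(shapes[i]);
    return 0;
}
```

Compiled with any C compiler (the portability the article attributes to the Duqu authors), this yields no C++ RTTI, no mangled names and no standard-library constructors, which is why language identification from the disassembly alone was hard: the only fingerprints are the per-class static tables and the calloc-then-store-table-pointer sequence in each constructor.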
This archive was generated by hypermail 2.2.0 : Tue Mar 20 2012 - 01:13:51 PDT