Saturday, August 30, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung Partners with Nike On Running App
Samsung Applied for Samsung Quantum Dot TV Trademark
New iPhones Expected at Sept. 9 Event
Google Tests Drones For Delivery Of Goods
UMC To Partner With Fujitsu On Chip Production
Samsung, LG Introduce New Smartwatches
Sharp, Pioneer Dissolve Their Capital Alliance
Nero 2015 is Coming At IFA
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Kaspers...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, March 09, 2012
Kaspersky Found Unknown Programming Language in the Duqu Trojan


The Duqu Trojan was partly written using an unknown programming language, according to researchers at Kaspersky.

"The big unsolved mystery of the Duqu Trojan relates to how the malicious program was communicating with its Command and Control (C&C) servers once it infected a victim's machine. The Duqu module that was responsible for interacting with the C&Cs is part of its Payload DLL," Kaspersky said. "After a comprehensive analysis of the Payload DLL, Kaspersky Lab researchers have discovered that a specific section inside the Payload DLL, which communicates exclusively with the C&Cs, was written in an unknown programming language. Kaspersky Lab researchers have named this unknown section the 'Duqu Framework.'"

Duqu is a sophisticated Trojan that was created by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information. Duqu was first detected in September 2011, but according to Kaspersky Lab data, the first trace of Duqu-related malware dates back to August 2007. Kaspersky has recorded over a dozen incidents involving Duqu, with the vast majority of victims located in Iran. According to the security company, the main goal of the attacks was to steal information about industrial control systems used in a number of industries as well as gathering intelligence about the commercial relations of a whole range of Iranian organizations.

Unlike the rest of Duqu, the Duqu Framework is not written in C++ and it's not compiled with Microsoft's Visual C++ 2008. "It is possible that its authors used an in-house framework to generate intermediary C code, or they used another completely different programming language," Kaspersky said. However, Kaspersky Lab researchers have confirmed that the language is object-oriented and performs its own set of related activities that are suitable for network applications.

The language in the Duqu Framework is highly specialized. It enables the Payload DLL to operate independently of the other Duqu modules and connects it to its dedicated C&C through several paths including Windows HTTP, network sockets and proxy servers. It also allows the Payload DLL to process HTTP server requests from the C&C directly, stealthily transmits copies of stolen information from the infected machine to the C&C, and can even distribute additional malicious payload to other machines on the network, which creates a controlled and discreet form of spreading infections to other computers.

"Given the size of the Duqu project, it's possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team which created the drivers and wrote the system infection exploits," said Alexander Gostev, Chief Security Expert at Kaspersky Lab. "With the extremely high level of customization and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program."

According to Alexander Gostev, the creation of a dedicated programming language demonstrates just how highly skilled the developers working on the project are, and points to the significant financial and labor resources that have been mobilized to ensure the project is implemented.

Kaspersky Lab appeals to the programming community and asks anyone who recognizes the framework, toolkit or the programming language that can generate similar code constructions, to contact the company.


Previous
Next
Intel Provides Overview Of Ivy Bridge And Intel 7 Series Express Chipset at CeBIT 2012        All News        Google To Release 7-inch Tablet PC in May
OnLive is Improperly Licensed, Says Microsoft     General Computing News      DRAM, NAND Flash Market Trends

Get RSS feed Easy Print E-Mail this Message

Related News
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach
Microsoft Disrupts Nitol Botnet
Kaspersky Discovers New IT Virus Linked To Stuxnet

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .