Kaspersky Lab reveals complexity of 'OO C' coded Duqu

By on
Kaspersky Lab reveals complexity of 'OO C' coded Duqu

Source code may reveal Duqu creator

Kaspersky Lab has revealed that the Duqu malware used the source code object oriented C (OO C) which specially written by a professional.

It claimed that a previously unknown code block, located inside a section of the malicious program's Payload DLL that was responsible for interacting with the command and control (C&C) servers after infection, consists of ‘C' source code compiled with Microsoft Visual Studio 2008 and special options for optimising code size and in-line expansion.

It said that the code was also written with a customised extension for combining object-oriented programming with C, generally referred to as ‘OO C'.

Having called for assistance to the security industry, Vitaly Kamluk, chief malware expert at Kaspersky Lab said that the use of this code made it more portable, efficient and lightweight and the analysis of the code would help it determine who the attacker(s) was and learn habits to make a better guess of who was behind it.

“It is common for software developers to use simple tools to create code that is easier and faster and makes life simpler. With Duqu it is the opposite, professional developers create their own framework so a software architect introduced this module.”

He also said that this code/framework was used for the first time in this instance, or it would have been recognised. “OO C is a common development approach for Mac OS, this is a reimplementation for Mac OS but for Windows, but there is some malware for Mac OS which is implemented in OO C,” he said.

Kamluk said that was ‘civil code', developed by a normal cybercriminal that looks like the normal style for coding enterprise style applications, but behind it was likely to be large organisation who can afford special skills in their development team.

He suspected that it was built by someone with special skills and by a development team of 20-30 people and that it may consist of different organisations. He also said that there were no clear geographical specifics within its analysis.

“Compared to traditional malware, it may take at least three-to-five times longer to create it. Traditional malware can be created by a student, this was done by a professional,” he said.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
duqu kaspersky lab security
In Partnership With

Most Read Articles

Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown

Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown
Microsoft patches exploited new Windows zero-day

Microsoft patches exploited new Windows zero-day
NBN Co technicians missed 430 appointments a day

NBN Co technicians missed 430 appointments a day
NBN Co reveals 58 percent of HFC network still unserviceable

NBN Co reveals 58 percent of HFC network still unserviceable
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Automate and secure IOT for Business
Automate and secure IOT for Business
Data Science and AI Solutions for Cybersecurity
Data Science and AI Solutions for Cybersecurity
Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider

Events

Log In

Username / Email:
Password:
  |  Forgot your password?