Kaspersky Lab reveals complexity of 'OO C' coded Duqu

By on
Kaspersky Lab reveals complexity of 'OO C' coded Duqu

Source code may reveal Duqu creator

Kaspersky Lab has revealed that the Duqu malware used the source code object oriented C (OO C) which specially written by a professional.

It claimed that a previously unknown code block, located inside a section of the malicious program's Payload DLL that was responsible for interacting with the command and control (C&C) servers after infection, consists of ‘C' source code compiled with Microsoft Visual Studio 2008 and special options for optimising code size and in-line expansion.

It said that the code was also written with a customised extension for combining object-oriented programming with C, generally referred to as ‘OO C'.

Having called for assistance to the security industry, Vitaly Kamluk, chief malware expert at Kaspersky Lab said that the use of this code made it more portable, efficient and lightweight and the analysis of the code would help it determine who the attacker(s) was and learn habits to make a better guess of who was behind it.

“It is common for software developers to use simple tools to create code that is easier and faster and makes life simpler. With Duqu it is the opposite, professional developers create their own framework so a software architect introduced this module.”

He also said that this code/framework was used for the first time in this instance, or it would have been recognised. “OO C is a common development approach for Mac OS, this is a reimplementation for Mac OS but for Windows, but there is some malware for Mac OS which is implemented in OO C,” he said.

Kamluk said that was ‘civil code', developed by a normal cybercriminal that looks like the normal style for coding enterprise style applications, but behind it was likely to be large organisation who can afford special skills in their development team.

He suspected that it was built by someone with special skills and by a development team of 20-30 people and that it may consist of different organisations. He also said that there were no clear geographical specifics within its analysis.

“Compared to traditional malware, it may take at least three-to-five times longer to create it. Traditional malware can be created by a student, this was done by a professional,” he said.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
duqu kaspersky lab security
In Partnership With

Most Read Articles

Telstra towers over rivals in war for NBN power

Telstra towers over rivals in war for NBN power
Keyboard layout change in iOS annoys users

Keyboard layout change in iOS annoys users
NBN Co to simplify network and IT architecture

NBN Co to simplify network and IT architecture
Telstra frets network breakage, trust breaches from decryption laws

Telstra frets network breakage, trust breaches from decryption laws
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies

Events

Log In

Username / Email:
Password:
  |  Forgot your password?