Part of the Duqu Trojan was written in an unknown programming language, according to research by Kaspersky Lab.
The method in which Duqu communicated with its command and control (C&C) servers after infection.
Researchers said the Duqu module interacted with the C&C servers through the Payload dll. Further analysis found a specific section was written in an unknown language.
Kaspersky researchers named this unknown section the Duqu Framework.
They said it demonstrated the Duqu developer's high level of skill and the significant financial investment.
The remainder of Duqu was written in C++ and was compiled with Microsoft's Visual C++ 2008.
Researchers confirmed the language was object-oriented and performed its own set of related activities suitable for network applications.
Chief security expert Alexander Gostev said it was possible an entirely different team was responsible for creating the Duqu Framework.
“With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.”
Kaspersky Lab has appealed to the programming community and asks anyone who recognises the framework, toolkit or the programming language and can generate similar code constructions to contact its researchers.
