The Duqu Trojan is one nasty piece of code, rivaled in sophistication only by its relative, the Stuxnet Worm. A new analysis of the Trojan, however, has revealed just how advanced it really is.
Russian security firm Kaspersky Lab performed the analysis and discovered that portions of the suspiciously named Payload DLL file were written in an unknown programming language. What’s more, these sections, dubbed the Duqu Framework, were responsible for operating the program’s Command and Control functions, which allow it to receive further instructions once it has infiltrated a system.
The rest of the program is written and compiled in C++, but not the Duqu Framework. It “is definitely object-oriented,” wrote Igor Soumenkov, but it was certainly not anything the analysts had ever seen before.
This discovery only further fuels speculation that both Duqu and Stuxnet are the results of a very advanced, very well-funded organisation’s or, more likely, nation’s efforts. As Alexander Gostev, chief security expert at Kaspersky Lab, speculated,
With the extremely high level of customization and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.
Duqu first surfaced last September after the Stuxnet attacks against Iranian nuclear development facilities. Duqu too appeared to target state interests in Iran as well as multiple industrial control systems. [Secure List via CBR]