Thursday, 8 March 2012

Kaspersky Lab finds Duqu contained unknown programming language

Part of the Duqu Trojan was written in an unknown programming language.

According to analysis by Kaspersky Lab, this solves the mystery of how it communicated with its command and control (C&C) servers after infection. Kaspersky Lab said that the Duqu module responsible for interacting with the C&C servers is part of its Payload DLL, and that analysis of the DLL found that a particular section was written in an unknown language.

Kaspersky Lab researchers named this unknown section the "Duqu Framework"; they said it demonstrates just how highly skilled the developers are and points to the substantial financial resources involved.

It said that, unlike the rest of Duqu, the Duqu Framework is not written in C++ and is not compiled with Microsoft's Visual C++ 2008. Kaspersky Lab researchers have confirmed that the language is object-oriented and performs its own set of related activities that are suitable for network applications.

Alexander Gostev, chief security expert at Kaspersky Lab, said: “Given the dimensions of the Duqu project, it's possible that a wholly different team was responsible for creating the Duqu Framework versus the team that created the drivers and wrote the system-infection exploits.

“With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not just to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but in addition to keep it separate from other internal Duqu teams who were accountable for writing the extra parts of the computer virus.”

Kaspersky Lab has appealed to the programming community, asking anyone who recognises the framework, toolkit or programming language that may generate similar code constructions to contact its researchers.


