The Duqu Trojan, which some believe is a relative of the Stuxnet worm used to attack Iran, was partly programmed in Object-Oriented C (OOC) by a traditional “old school” enterprise programming team, Kaspersky Lab researchers have concluded.

Kaspersky has spent months analysing Duqu in the hope of unravelling its mystery, and only two weeks ago drew a blank on a section of payload code that appeared to have been written in an unknown programming language.

After an appeal to the developer community for help, the answer they have come up with throws up yet more questions about Duqu’s baffling provenance.

According to Kaspersky, the mystery code section was written in a custom object-oriented C framework, a format never before encountered in the company’s analyses of cybercriminal malware. The compiler used was Microsoft Visual C 2008, optimised to produce a small footprint.

If this sounds slightly arcane, the inferences that can be drawn from it could be hugely significant in understanding the origins and purpose of the most perplexing family of malware ever discovered.

Source: Latest News in Online Security