Kaspersky Lab researchers have determined the programming language used to generate the code for the DuQu virus' communications functions.
Most of the code for DuQu was written in C++ and compiled with Microsoft's Visual C++ 2008, although the code for a component that communicates with command-and-control servers and downloads and executes additional payload modules was not. That part of DuQu was so mysterious that the researchers published a blog post asking programmers to help them determine what language was used to write the communications component.
Two people responded to the posting by saying the code seemed to be generated from a custom object-oriented C dialect and that special extensions were used. The researchers then tested a number of combinations of compilers and source code and found that C code compiled with Microsoft Visual Studio Compiler 2008 using the options O1 and Ob1 produced binary code in the same style as that used in DuQu.
Kaspersky's researchers say the discovery tells them the people behind DuQu were coders who preferred to use older programming techniques, and that the use of C instead of C++ indicates the programmers wanted to ensure that DuQu would run on servers, mobile phones, or other devices.
From Wired News
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA