Duqu Designed By ‘Old School’ Programmers, Kaspersky Says

Computer virus analysts recently called on the programming community for help identifying the programming language used in the mysterious Duqu virus, and what was discovered suggests that the malware’s creators are experts and, apparently, old-school.

Earlier in the month, Kaspersky Labs posted an analysis of the Duqu virus on the company’s blog. While going over Duqu’s code, security researchers spotted a block of code that appeared to be written in a previously unseen programming language. It turns out to be an old programming language.

Duqu’s source code is largely written in C++, but researchers were stumped when they ran across Duqu’s C&C communications module, which appeared to be written in an entirely different programming language. After reaching out to the programming community, Kaspersky Labs concluded that the language used in this particular block of code is Object Oriented C (OO C), a “custom extension to the C programming language.”

It’s relatively uncommon to see OO C used in this day and age, which leads Kaspersky Labs’ Igor Soumenkov to believe that whoever is behind it is an expert, and has been for quite a long time.

“All the conclusions above indicate a rather professional team of developers, which appear to be reusing older code written by top ‘old school’ developers,” Soumenkov writes. “Such techniques are normally seen in professional software and almost never in today’s malware. Once again, these indicate that Duqu, just like Stuxnet, is a ‘one of a kind’ piece of malware which stands out like a gem from the large mass of ‘dumb’ malicious programs we normally see.”