A previously mysterious portion of the Duqu trojan, said to be related to the notorious Stuxnet worm, was written in a customised version of the popular programming language C, Russian IT security firm Kaspersky Lab has discovered.
Duqu was first found by Symantec on the IT systems of European engineering companies last year. It is reportedly designed to steal blueprints for engineering systems that might reveal potential security vulnerabilities.
Last month, Russian IT security firm Kaspersky Lab said that it had discovered that the trojan’s command and control server software, which directs the trojan from outside the infected network, was written in "unknown code".
At the time, the company’s security research chief said the "high level of customisation [of Duqu] and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation … but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program."
Kaspersky Lab called on information security experts to help identify the code, and this week announced that it had found an answer. The mysterious portion of the trojan was written in ‘object orientated C’ (OOC), it found.
Security researcher Vitaly Kamluk said that use of OOC suggests that the developers who wrote Duqu were likely to be older and used to writing programs in C. "It’s what they were familiar with," he said.
Paul Jensen of software development analysis company TIOBE told Information Age that Kaspersky’s discovery that OOC was used in Duqu was "legitimate". However, the conclusion that this means the software was necessarily written by older developers is "untrue", he said.
"There are many younger developers around the world that master and program in C nowadays," Jensen said. "Think of developing games and embedded software systems; hence its second place in our TIOBE index [of most commonly used programming languages]."
Jensen clarified that the custom, object-oriented extension of C referred to by Kaspersky is not a reference to Objective-C but, "probably some home made small [object orientated] library. Usually this is just a bunch of macros to redefine the C language a little".