MYSTERY programming language found in Duqu
Security researchers are appealing for help after discovering that part of the Duqu Trojan was written in an unknown programming language. Duqu is a sophisticated Trojan reckoned to have been created by the same group behind the infamous Stuxnet worm. While the finely tuned Stuxnet worm was designed to home in on specific …
What a mystery
"not written in C++ and it's not compiled with Microsoft's Visual C++ 2008".
What a mystery there is something else too.
Re: Any of US have a clue?
The letters are Elvish, but the language is that of Mordor...
It's written in Voynich
Its existence till now has been a closely guarded secret. The only previous known use of the language was when Jeff Goldberg wrote a quick hack on his PowerBook and uploaded it to the alien mothership. From the little that's known, it supposedly combines the readability of Perl, the speed of JavaScript, and the intuitiveness of Haskell.
Re: It's written in Voynich
Or Whoopi Goldblum. Your guess is as good as mine... I liked her in Jurassic Park.
Re: It's written in Voynich
Except for the bit where she ate that lawyer. Terrifying. Just imagine the gastrointestinal problems you could cause by eating a lawyer.
a misspelling perhaps?
"Powerful you have become Duqu, the dark side I sense in you."
Re: It's O B V I O U S.
Thetan eh?
The manuals must cost a fortune - and in several volumes.
It's all Clear(tm) to me now.
Bah
You beat me to it! I take your Intercal and I raise you Malbolge!
maybe
object-oriented assembler? Or, hmm, TurboPascal6? That would be cool.
Re: maybe
TurboPascal6, classic!
Even better would be if it was a ".bat" file lol!
Echo on!
Re: Impressive work...
Yeah, but Kaspersky apparently need help with their addition ....
"The Kaspersky research team has gone some way in unravelling the mystery language used by the Duqu Framework, but still needs addition help."
Should I get my coat or my pedant's hat? Hmmmm
Scheme
Reminds me of the story that the supposedly biggest ever deployment of the Scheme language was an interpreter some poor techie embedded into his employer's toolbar / adware / malware for the express purpose of detecting rivals' malware and disabling it. There was such a constant state of flux between the different camps that a lightweight framework for distributing and executing the day's new rules gave them a huge advantage, apparently.
In modern terms though, object orientated and lightweight would suggest Lua. Perhaps the byte code is obfuscated.
Re: Scheme
Igor Soumenkov says it's not Lua.
My money is on some kind of Lisp.
After all: http://www.franz.com/success/customer_apps/animation_graphics/naughtydog.lhtml
"With leading edge game systems like ours, you have to deal with complicated behaviors and real-time action. Languages like C are very poor with temporal constructs. C is just very awkward for a project like this. Lisp, on the other hand, is ideal."
Lateral thoughts: Anyone remember Thierry Breton's "Softwar" Cyberthrilling Cyberpotboiler back from the 80's?
It's Java. Pretty much anything written in Java acts like a virus.
So AV firms forgot how to read x86 assembly?
Like I'm going to trust these guys with protecting my x86 PC given this skill set.
Re: So AV firms forgot how to read x86 assembly?
Probably Power BASIC. It has great network support and generates tighter binaries than anything except possibly assembly.
Re: So AV firms forgot how to read x86 assembly?
So, you have forgotten how to read English? "These guys" have no problem reading the x86 disassembly and understanding what the code DOES. What they are wondering is what language it was originally written in and compiled from. It definitely wasn't hand-written x86 assembly.
From the looks of it, my guess would be one of the relatively less-widely used object-oriented languages. Maybe compiled Python or Forth... Compiled Perl might be worth looking at, although personally I think it's unlikely.
Re: So AV firms forgot how to read x86 assembly?
Python is written in C.
It seems very unlikely that a skilled team of programmers relies on a high level programming language made by "average Joe" for a critical piece of code.
@Vesselin
If they knew what it does then why would the language matter ?
They only seem to know that the code section is used to communicate with the other servers when it has infected a machine. But it sounds to me as if they're not quite sure /how/ it makes it happen.
Re: @Vesselin
Presumably, the assembly signature is rather abnormal. What's wrong with being curious?
Also, if this is a hand-rolled language created by the baddies, then spotting other malware created by them based on said signature would become a lot easier.
The point?
This sort of news does not inspire confidence in an already dubious anti-virus industry, that spends more money on market research than anti-virus research and has to call out to the masses: "Help us find out how this was written."
What I would do with actual budget figures from a major AV firm. Even without that information, if they spent more money on AV research than market research, we'd have an off-the-shelf profile-based virus product that can catch this sort of thing before it's written, instead of boxes of the same-old after-the-fact garbage with pictures of Iron Man on the front.
Obviously it was written in Forth.
That way when it came time to implement the plan, all they had to do was type:
Go Forth and Conquer!
Of course we can't read it
It's written by an A.I. The net has become self aware, and is looking for ways to pwn us.
Re: Of course we can't read it
No, it's the Puppetmaster trying to build itself a body.
Not FORTRAN or COBOL then?
Realistically, given the likely provenance of these babies, if I was running the project then the first thing I'd do would be write a language specifically for them ... after all, if it's a government project then money isn't going to be a big issue. And a virus^H^H^H^H^H payload specific language would offer significant advantages.
Re: Not FORTRAN or COBOL then?
> a payload specific language would offer significant advantages.
But which ones? Why not use libraries + some macro language that you can just pass through ANTLR?
It's probably C++
But written to be parsed right to left ...
Re: It's probably C++
If it's parsed right to left, does that make it C-- or ++C?
Remember the rumors that Stuxnet was written by the US military, CIA, etc.?
Knowing what I know about the history of US Dept of Defense computing, my bet is that it's written in Ada!
Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?
From what little I remember about Ada from when I took the class, it was not a compiler, not an interpreter, but a translator, which spat out FORTRAN on the IBM 4361. What a joke. One Ada run took 8 minutes to complete and if more than one was running, it was more like 20 minutes.
I was going to speculate before I read the article. Then I thought, if it's really that obscure, those spooks just want to know if anyone has knowledge about it, so they can interrogate^H^H^H^H^H^H^H^H^H^H question the person about whether or not they had anything to do with writing the actual code (!)
Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?
When was that class you took? Late 80's?
I'm sure there are pretty good Ada Compilers around now.
Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?
@Destroy All Monsters: Yes there are! Once ADA runtimes emerged that actually used O/S facilities like threads instead of re-creating those things for themselves, ADA got a *lot* better. From what I vaguely remember, Greenhills ADA on VxWorks was pretty decent indeed.
I can remember the problems that a bunch of colleagues had in the very early '90s with ADA (on Vax I think). The application they'd written was too large for any of the ADA runtimes of the day to actually run. I never found out if they ever got it going...
Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?
I think you must be going back a long way. I don't know if early Ada was ever implemented as a translator to Fortran, but I'm pretty certain that by Ada 95 (when I was learning it), it had its own compiler that did not go via Fortran. I think performance between Ada 95 and Fortran was comparable. In any case, the reason you used Ada wasn't for speed but because its safety features meant your code was "provably" correct. (Just don't mention the Ariane 5 explosion).
I seriously doubt anyone has written the core of a virus in Ada. Though I would be amused to be proved wrong.
> I seriously doubt anyone has written the core of a virus in Ada.
Well, you would say that, wouldn't you?
Re: What about...
Back in the DSM-11 days, maybe... but that was oh so long ago... you'd hardly recognise it now