MYSTERY programming language found in Duqu

Security researchers are appealing for help after discovering that part of the Duqu Trojan was written in an unknown programming language. Duqu is a sophisticated Trojan reckoned to have been created by the same group behind the infamous Stuxnet worm. While the finely tuned Stuxnet worm was designed to home in on specific …

COMMENTS

This topic is closed for new posts.

Silver badge
Coat

What a mystery

"not written in C++ and it's not compiled with Microsoft's Visual C++ 2008".

What a mystery there is something else too.

26
1
Anonymous Coward

Any of US have a clue?

No ideas here.

1
0
Pirate

Re: Any of US have a clue?

Yep. Mossad

6
0
TRT
Silver badge
Holmes

Re: Any of US have a clue?

The letters are Elvish, but the language is that of Mordor...

7
0

Re: Any of US have a clue?

Lisping Rexx?

2
0
Anonymous Coward

It's written in Voynich

Its existence till now has been a closely guarded secret. The only previous known use of the language was when Jeff Goldberg wrote a quick hack on his PowerBook and uploaded it to the alien mothership. From the little that's known, it supposedly combines the readability of Perl, the speed of JavaScript, and the intuitiveness of Haskell.

44
0

Re: It's written in Voynich

Would that be Jeff Goldblum?

1
0
Happy

Re: It's written in Voynich

Or Whoopi Goldblum. Your guess is as good as mine... I liked her in Jurassic Park.

4
0

Re: It's written in Voynich

Except for the bit where she ate that lawyer. Terrifying. Just imagine the gastrointestinal problems you could cause by eating a lawyer.

4
0
jai
Silver badge

a misspelling perhaps?

"Powerful you have become Duqu, the dark side I sense in you."

10
0
Coat

Obviously LOLCode

7
0
Anonymous Coward

It's O B V I O U S.

It's written in Thetan.

7
0
Silver badge

Re: It's O B V I O U S.

Thetan eh?

The manuals must cost a fortune - and in several volumes.

It's all Clear(tm) to me now.

5
0
Coat

Intercal?

4
0
Devil

Bah

you beat me to it! I take your intercal and I raise you Malbolge!

0
0
Silver badge
Thumb Up

Or Befunge

A 2D programming language. Loops are real loops! Maybe there is a befunge++ out there

1
0
Facepalm

iron python would be my first stab guess

^ ^

I

V

0
0

Skynet rises!

4
0
Pirate

maybe

object-oriented assembler? Or, hmm, TurboPascal6? That would be cool.

2
0

Re: maybe

TurboPascal6, classic!

Even better would be if it was a ".bat" file lol!

Echo on!

0
0
Thumb Up

Impressive work...

both by Kaspersky AND the baddies.

3
0
Coat

Re: Impressive work...

Yeah, but Kaspersky apparently need help with their addition ....

"The Kaspersky research team has gone some way in unravelling the mystery language used by the Duqu Framework, but still needs addition help."

Should I get my coat or my pedant's hat? Hmmmm

7
0
Scheme

Reminds me about the story of the supposedly biggest ever deployment of the scheme language was an interpreter some poor techie embedded into his employer's toolbar / adware / malware for the express purpose of detecting rival's malware and disabling it. There was such a constant state of flux between the different camps, a lightweight framework for distributing and executing the day's new rules gave them a huge advantage apparently.

In modern terms though, object orientated and lightweight would suggest Lua. Perhaps the byte code is obfuscated.

1
0
Silver badge
Trollface

Re: Scheme

Igor Soumenkov says it's not Lua.

My money is on some kind of Lisp.

After all: http://www.franz.com/success/customer_apps/animation_graphics/naughtydog.lhtml

"With leading edge game systems like ours, you have to deal with complicated behaviors and real-time action. Languages like C are very poor with temporal constructs. C is just very awkward for a project like this. Lisp, on the other hand, is ideal."

Lateral thoughts: Anyone remember Thierry Breton's "Softwar" Cyberthrilling Cyberpotboiler back from the 80's?

1
2
Coffee/keyboard

Re: Scheme

Scheme!

(cons barf (cons puke (cons vomit)))

0
0

It's Java. Pretty much anything written in Java acts like a virus.

11
5

Can't be, cos viruses tend to do something

4
0
WTF?

So AV firms forgot how to read x86 assembly?

Like I'm going to trust these guys with protecting my x86 PC given this skill set.

8
11
Boffin

Re: So AV firms forgot how to read x86 assembly?

Probably Power BASIC. It has great network support and generates tighter binaries than anything except possibly assembly.

1
1
Boffin

Re: So AV firms forgot how to read x86 assembly?

So, you have forgotten how to read English? "These guys" have no problem reading the x86 disassembly and understanding what the code DOES. What they are wondering is what language it was originally written in and compiled from. It definitely wasn't hand-written x86 assembly.

From the looks of it, my guess would be one of the relatively less-widely used object-oriented languages. Maybe compiled Python or Forth... Compiled Perl might be worth looking at, although personally I think it's unlikely.

8
1

Re: So AV firms forgot how to read x86 assembly?

Python is written in C.

It seems very unlikely that a skilled team of programmers relies on a high level programming language made by "average Joe" for a critical piece of code.

1
1
Silver badge

@Vesselin

If they knew what it does then why would the language matter ?

They only seem to know that the code section is used to communicate with the other servers when it has infected a machine. But it sounds to me as if they're not quite sure /how/ it makes it happen.

0
2
Anonymous Coward

Re: @Vesselin

Presumably, the assembly signature is rather abnormal. What's wrong with being curious?

Also, if this is a hand-rolled language created by the baddies, then spotting other malware created by them based on said signature would become a lot easier.

1
0
Mushroom

The point?

This sort of news does not inspire confidence in an already dubious anti-virus industry, that spends more money on market research than anti-virus research and has to call out to the masses: "Help us find out how this was written."

What I would do with actual budget figures from a major AV firm. Even without that information, if they spent more money on AV research than market research, we'd have an off-the-shelf profile-based virus product that can catch this sort of thing before it's written, instead of boxes of the same-old after-the-fact garbage with pictures of Iron Man on the front.

1
0
Silver badge
Coat

Obviously it was written in Forth.

That way when it came time to implement the plan, all they had to do was type:

Go Forth and Conquer!

0
0

of course we cant read it

It's written by an A.I. The net has become self aware, and is looking for ways to pwn us.

2
0
Go

Re: of course we cant read it

No, it's the Puppetmaster trying to build itself a body.

5
0
Silver badge

Not FORTRAN or COBOL then?

Realistically, given the likely provenance of these babies, if I was running the project then the first thing I'd do would be write a language specifically for them ... after all, if it's a government project then money isn't going to be a big issue. And a virus^H^H^H^H^H payload specific language would offer significant advantages.

4
0
Silver badge

Re: Not FORTRAN or COBOL then?

> a payload specific language would offer significant advantages.

But which ones? Why not use libraries + some macro language that you can just pass through ANTLR?

1
0
Anonymous Coward

It's probably C++

But written to be parsed right to left ...

3
1

Re: It's probably C++

If it's parsed right to left, does that make it C-- or ++C?

8
0
WTF?

Remember the rumors that Stuxnet was written by the US military, CIA, etc.?

Knowing what I know about the history of US Dept of Defense computing, my bet is that it's written in Ada!

4
0

Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?

From what little I remember about Ada when I took the class, was that it was not a compiler, not an interpreter, but a translator, which spit out FORTRAN on the IBM 4361. What a joke. One Ada run took 8 minutes to complete and if more than one was running, it was more like 20 minutes.

I was going to speculate before I read the article. Then I thought, if it's really that obscure, those spooks just want to know if anyone has knowledge about it, so they can interrogate^H^H^H^H^H^H^H^H^H^H question the person about whether or not they had anything to do with writing the actual code (!)

0
3
Silver badge
Childcatcher

Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?

When was that class you took? Late 80's?

I'm sure there are pretty good Ada Compilers around now.

1
0
Silver badge

Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?

@Destroy All Monsters: Yes there are! Once ADA runtimes emerged that actually used O/S facilities like threads instead of re-creating those things for themselves, ADA got a *lot* better. From what I vaguely remember, Greenhills ADA on VxWorks was pretty decent indeed.

I can remember the problems that a bunch of colleagues had in the very early '90s with ADA (on Vax I think). The application they'd written was too large for any of the ADA runtimes of the day to actually run. I never found out if they ever got it going...

1
0
Silver badge

Re: Remember the rumors that Stuxnet was written by the US military, CIA, etc.?

I think you must be going back a long way. I don't know if early Ada was ever implemented as a translator to Fortran, but I'm pretty certain by Ada 95 (when I was learning it), it had its own compiler that did not go via Fortran. I think performance between Ada 95 and Fortran was comparable. In any case, the reason you used Ada wasn't for speed but because its safety features meant your code was "provably" correct. (Just don't mention the Ariane 5 explosion).

I seriously doubt anyone has written the core of a virus in Ada. Though I would be amused to be proved wrong.

0
0
Silver badge
Big Brother

> I seriously doubt anyone has written the core of a virus in Ada.

Well, you would say that, wouldn't you?

1
0
Holmes

Easy

Brainfuck translated to INTERCAL and then to C++

1
0
Devil

What about...

MUMPS? That's pretty damn unreadable

2
1

Re: What about...

Back in the DSM-11 days, maybe... but that was oh so long ago... you'd hardly recognise it now

0
0
