Duqu Trojan code confounds researchers

Similar to Stuxnet, the Duqu Trojan attacks industrial systems. But researchers can't get a handle on the language used.

Kaspersky researchers have been working to crack the Duqu Trojan for months, and have now released code samples asking the programming community for help. They know some of the program was written in C++, but much was written in an unidentified language. And the closer they look, the more it seems the Duqu Trojan was meant to infect industrial systems, as Stuxnet was, but to steal information rather than break nuclear centrifuges as Stuxnet did.

Programmers, never short of opinions, have suggested Assembler, old compiler code from earlier C++ compilers, or some custom libraries tied into the compiler. Evidence suggests a large team of programmers wrote the code, much like Stuxnet. Just like Stuxnet, the Duqu Trojan is aimed at Iran's nuclear facilities, but was first sighted years earlier than Stuxnet, in 2007.

Code conversations

It's Assembly Language, I'd recognize it anywhere. Looks like it is using an inline assembler, like the old Borland C, Delphi or similar.

MIBovrd on zdnet.com

The code you're referring to .. the unknown C++ looks like the older IBM compilers found in OS400 SYS38 and the oldest sys36.

As400tech on securelist.com

The calling conventions are non-conventional with parameters being assigned to different registers. Almost like hand coded assembly with object based programming techniques.

Bruizer on zdnet.com

Conspiracy theories

Almost have to think that Israel is behind this if it is that advanced (i.e. "State") and if it is likely to be disruptive technology aimed at Iran.

jkohut on zdnet.com

The likely suspects fitting that set of criteria are IBM, Microsoft, SAS and SAIC. All the others (remnant AT&T, HP, remnant SGI... who am I forgetting?) incorporate a considerable amount of fairly recognizable shared compiler code in their offerings.

SCooke on securelist.com

Re: Any of US have a clue? Yep. Mossad

robertsgt40 on theregister.co.uk

Peanut gallery

The letters are Elvish, but the language is that of Mordor...

TRT on theregister.co.uk

The only previous known use of the language was when Jeff Goldberg wrote a quick hack on his PowerBook and uploaded it to the alien mothership.

FatsBrannigan on theregister.co.uk

Re: It's O B V I O U S. Thetan eh? The manuals must cost a fortune - and in several volumes.

It's all Clear(tm) to me now.

Elmer Phud on theregister.co.uk

Secret code no one can identify, unknown creators, aimed to disrupt a foreign government doing things it shouldn't, and references to Scientology in the comments. Is this a teaser for another Mission:Impossible movie?

