March 09, 2012, 11:18 AM —
Similar to Stuxnet, the Duqu Trojan attacks industrial systems. But researchers can't get a handle on the language used.
Kaspersky researchers have been working to crack the Duqu Trojan for months, and have now released code samples asking the programming community for help. They know some of the program was written in C++, but much was written in an unidentified language. And the closer they look, the more it seems the Duqu Trojan was meant to infect industrial systems, as Stuxnet was, but to steal information rather than break nuclear centrifuges.
Programmers, never short of opinions, have suggested Assembler, old compiler code from earlier C++ compilers, or some custom libraries tied into the compiler. Evidence suggests a large team of programmers wrote the code, much like Stuxnet. Just like Stuxnet, the Duqu Trojan is aimed at Iran's nuclear facilities, but was first sighted years earlier than Stuxnet, in 2007.
It's Assembly Language, I'd recognize it anywhere. Looks like it is using an inline assembler, like the old Borland C, Delphi or similar.
MIBovrd on zdnet.com
The calling conventions are non-conventional with parameters being assigned to different registers. Almost like hand coded assembly with object based programming techniques.
Bruizer on zdnet.com
Almost have to think that Israel is behind this if it is that advanced (i.e. "State") and if it is likely to be disruptive technology aimed at Iran.
jkohut on zdnet.com
The likely suspects fitting that set of criteria are IBM, Microsoft, SAS and SAIC. All the others (remnant AT&T, HP, remnant SGI... who am I forgetting?) incorporate a considerable amount of fairly recognizable shared compiler code in their offerings.
SCooke on securelist.com
Re: Any of US have a clue? Yep.