Duqu

Duqu written using old school object oriented C

posted on March 20, 2012
by l33tdawg

When Kaspersky Labs analysed the Duqu Trojan early last month, they were stumped by a block of code that appeared to be written in a previously unseen programming language. It now seems that the language was not new, but rather an old one: a custom object-oriented C framework compiled with MSVC 2008, with options to minimise size and expand only when activated in line.

India shuts server linked to Duqu computer virus

posted on November 8, 2011
by l33tdawg

Indian authorities are investigating a computer server in Mumbai for links to the Duqu malicious software that some security experts warned could be the next big cyber threat.

Web Werks, a Mumbai-based Web-hosting company, said it had given an image of the suspicious virtual private server to officials from the Indian Computer Emergency Response Team (CERT-In), after security firm Symantec Corp found the server was communicating with computers infected with the Duqu virus.

Duqu not created by authors of Stuxnet worm

posted on November 1, 2011
by l33tdawg

The design similarities between the recently-publicised Duqu malware and the infamous Stuxnet worm that caused widespread alarm more than a year ago have been hugely exaggerated, an analysis by Dell SecureWorks has concluded.

The essence of the company’s strip-down analysis is that despite some common features, Duqu and Stuxnet have been designed to do different jobs, one very targeted, the other more general.

Duqu incidents detected in Iran and Sudan

posted on October 27, 2011
by l33tdawg

Security vendor Kaspersky Lab has identified infections with the new Duqu malware in Sudan and, more importantly, Iran, the main target of the Trojan's predecessor -- Stuxnet.

Duqu took the security industry by storm last week when the Hungarian research laboratory CrySyS shared its analysis of the new threat with the world's top antivirus vendors.