Security professionals have solved the mystery of the Duqu cyberweapon's programming language, and in doing so have confirmed the long-believed theory, and fear, that its creators are experts.
Analyzing the code, which now seems to have been built using a customized object-oriented version of the venerable programming language C, Igor Soumenkov from Kaspersky Lab concluded that Duqu is the work of "a rather professional team of developers," and drastically different than the routine malware researchers see on a daily basis.
The sophisticated techniques used in Duqu's creation "are normally seen in professional software and almost never in today's malware," Soumenkov said. It's a strong indication that Duqu, "just like Stuxnet, is a 'one of a kind' piece of malware which stands out like a gem from the large mass of 'dumb' malicious programs we normally see."
Discovered last October, Duqu is a close cousin to the infamous Stuxnet worm, and believed to be targeting power and energy facilities in Iran and Europe. Duqu spreads through targeted phishing emails and uses a Trojan "dropper" hidden in a compromised Microsoft Word document to worm its way into PCs.
At the CanSecWest security conference earlier this month, Soumenkov's colleague, Roel Schowenberg, appealed to the audience and the security community to help Kaspersky Lab identify Duqu's unique programming language.
The invitation worked: Soumenkov wrote that he received more than 200 comments and more than 60 emails with suggestions and hypotheses about Duqu's framework.