Kaspersky security researchers analysing the Duqu malware have unexpectedly hit a wall, stumped by code that appears to be written in an unknown programming language, and are now appealing to the public for anyone who might recognise it to come forward.
Kaspersky Lab’s analysis has already shown that Duqu was likely created by the same authors as Stuxnet, based on the similarities between the platforms used to create both trojans. However, in their most recent research, security experts Igor Soumenkov and Costin Raiu have come across code that doesn’t appear to be written in any language they’ve seen before.
The Duqu trojan uses a dynamic link library (DLL) to communicate with a command and control server after it has infected a victim’s machine. This DLL operates independently of Duqu’s other modules and provides the trojan with several vectors through which it can phone home, such as through an HTTP server, via a proxy or through other network sockets.
It also delivers stolen information from the victim’s machine to the command and control server and enables Duqu to spread to other machines on the network — via redwolf.newsvine.com