
Sunday, April 8, 2012

Trojan Duqu: an Advanced Trojan with a Mysterious Script

The Duqu trojan, which successfully sabotaged Iran's nuclear facilities, is written in a programming language that is not known. This was discovered by anti-malware experts at Kaspersky Lab during their research.

Duqu is a sophisticated trojan created by the same people who made Stuxnet. The goal of this malware is to backdoor a system and facilitate the theft of confidential data.

The biggest unsolved mystery of the Duqu trojan is how the program communicates with its Command and Control (C&C) server once it has successfully infected a victim.

The Duqu module whose role is to interact with the C&C is part of Duqu's payload DLL. After a comprehensive analysis of the payload DLL, Kaspersky Lab researchers found a special section inside it, dedicated to communicating with the C&C, that is written in an unknown programming language.

Kaspersky Lab researchers call this unknown part the "Duqu Framework".

Unlike the rest of Duqu, which is written in C++ and compiled with Microsoft's Visual C++ 2008, the Duqu Framework is not written in C++.

The authors may have used an in-house framework to generate intermediate C code, or they may have used a completely different programming language.

However, Kaspersky Lab researchers have stated that the language is object-oriented and performs a number of activities suited to network applications.

The Duqu Framework language is very special: it allows the payload DLL to operate independently of the other Duqu modules and to connect to the C&C through several channels, such as Windows HTTP, network sockets and proxy servers.

It also allows the payload DLL to process HTTP server requests directly from the C&C, to secretly move copies of the information stolen from the infected machine to the C&C, and even to distribute additional malicious payloads to other devices in the network, creating a form of control and a latent spread of the infection to other computers.

"Given the scale of the Duqu project, it is possible that the Duqu Framework was created by a different team than the group that created the drivers and wrote the system infection exploits," said Alexander Gostev, Chief Security Expert at Kaspersky Lab.

"Given the high level of customization and exclusivity of the programming language that was created, it is possible this program was created not only to prevent outsiders from understanding the cyber-espionage operation and its interaction with the C&C, but also to distinguish it from the other internal Duqu groups responsible for writing the other parts of this program."

According to Alexander Gostev, creating its own programming language shows how highly skilled the developers working on this project are, and demonstrates the financial and human resources that were mobilized to ensure the project runs.

Kaspersky experts noted that the largest number of victims is in Iran. Duqu generally looks for information about production management systems in various industrial sectors, as well as information about trade relations between several companies in Iran.

Kaspersky Lab invites the community of programmers, or anyone who recognizes the unknown framework, toolkit or programming language, to contact them.

Duqu was first discovered in September 2011. However, according to Kaspersky Lab, traces of Duqu have been tracked since August 2007.

Ridlo TaufiQ said...

I like it, GO ON

Anonymous said...

Thanks for visiting me, have a nice weekend, hugs