
New Duqu Variant Found, Malware Employs “Old School” C

Duqu, the trojan thought to have been built on the same platform that produced Stuxnet, the worm that attacked Iran, is still alive and well.

Its developers are still actively tweaking the malware, which consists of multiple drivers and modules. The trojan is particularly sophisticated in that these modules can be adapted and tailored to attack specific targets.

The Symantec security response team noted on its blog page: "We recently received a file that looked very familiar. A quick investigation showed it to be a new version of W32.Duqu. The file we received is only one component of the Duqu threat however - it is the loader file used to load the rest of the threat when the computer restarts (the rest of the threat is stored encrypted on disk)."

The post continued: "The compile date on the new Duqu component is February 23, 2012, so this new version has not been in the wild for very long. Checking the code we can see the authors have changed just enough of the threat to evade some security product detections, although this appears to have only been partially successful."

A Reddit user has also helped another security firm, Kaspersky Lab, to resolve a further mystery: the identity of the language in which a core section of Duqu (the part controlling its command-and-control function) was written.

Apparently, that language is plain C written in an old-school object-oriented style, with the objects, method tables and constructors hand-built by the programmers rather than generated by a C++ compiler. That choice is itself a clue: it suggests the developers are veteran programmers who deliberately chose this route over C++ or the other languages popular among malware authors.
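To make concrete what "object-oriented C" looks like, and why it can puzzle analysts reading a disassembly, the following is an added illustration written for this article. It is not Duqu code and is not taken from Symantec or Kaspersky; the struct names, method names and the toy "send" operation are all assumptions chosen for the example. The pattern it shows is the generic one: a struct whose first field points at a hand-written table of function pointers, constructor functions that install that table, and "inheritance" done by embedding the base struct at offset zero. In a binary this appears as indirect calls through a pointer table with none of the mangled names, RTTI or standard-library signatures that a C++ compiler would leave behind.

```c
/* Added illustration of hand-rolled object-oriented C (assumed names; not Duqu code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct Obj;

/* Hand-written method table: the role a C++ compiler's vtable would play. */
struct ObjVtbl {
    int  (*send)(struct Obj *self, const char *msg);
    void (*destroy)(struct Obj *self);
};

/* Base "class": the vtable pointer is the first field, like a C++ vptr. */
struct Obj {
    const struct ObjVtbl *vtbl;
    int sent;                    /* instance state: bytes "sent" so far */
};

/* "Subclass": extends the base by embedding it as the first member, so a
 * pointer to LoggingObj is also a valid pointer to Obj. */
struct LoggingObj {
    struct Obj base;
    char last[64];               /* remembers the last message */
};

/* Base-class methods. */
static int obj_send(struct Obj *self, const char *msg) {
    self->sent += (int)strlen(msg);
    return self->sent;
}
static void obj_destroy(struct Obj *self) { free(self); }

static const struct ObjVtbl obj_vtbl = { obj_send, obj_destroy };

/* Overriding method: downcast by layout, then call the base ("super") version. */
static int logging_send(struct Obj *self, const char *msg) {
    struct LoggingObj *lo = (struct LoggingObj *)self;
    strncpy(lo->last, msg, sizeof lo->last - 1);
    lo->last[sizeof lo->last - 1] = '\0';
    return obj_send(self, msg);
}
static const struct ObjVtbl logging_vtbl = { logging_send, obj_destroy };

/* Constructors: allocate the object and install its method table by hand. */
struct Obj *obj_new(void) {
    struct Obj *o = calloc(1, sizeof *o);
    if (o) o->vtbl = &obj_vtbl;
    return o;
}
struct Obj *logging_new(void) {
    struct LoggingObj *lo = calloc(1, sizeof *lo);
    if (!lo) return NULL;
    lo->base.vtbl = &logging_vtbl;
    return &lo->base;
}

/* Virtual dispatch: the caller sees only the base type and an indirect call. */
int obj_dispatch_send(struct Obj *o, const char *msg) { return o->vtbl->send(o, msg); }
void obj_delete(struct Obj *o) { if (o) o->vtbl->destroy(o); }

/* Exercises both "classes"; returns the combined byte count, or -1 on failure. */
int demo(void) {
    struct Obj *plain = obj_new();
    struct Obj *logged = logging_new();
    if (!plain || !logged) { obj_delete(plain); obj_delete(logged); return -1; }

    int a = obj_dispatch_send(plain, "hello");          /* base method: 5 */
    int b = obj_dispatch_send(logged, "hello world");   /* override: 11 */
    b = obj_dispatch_send(logged, "!");                 /* running total: 12 */

    /* The override kept its own state in the extended struct. */
    int ok = strcmp(((struct LoggingObj *)logged)->last, "!") == 0;

    obj_delete(plain);
    obj_delete(logged);
    return ok ? a + b : -1;                             /* 17 */
}

int main(void) {
    printf("total bytes sent across both objects: %d\n", demo());
    return 0;
}
```

The security-relevant takeaway is the reverse-engineering one: every method call here compiles to a load of the table pointer followed by an indirect call, and the "class hierarchy" exists only in the programmers' heads and in struct layout. That is exactly the shape that looks unfamiliar to an analyst expecting either plain procedural C or compiler-generated C++.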

Indeed, Duqu seems to have been developed by a large team of professional programmers, not all of whom would necessarily have known what the different parts added up to. It is clear that Duqu is far from your average piece of malware, and equally clear that it remains a potential threat to global security.