Duqu Trojan attacks tracked on the Internet

Over time, the Duqu Trojan has gained notoriety as a dangerous intelligence-gathering tool. Duqu was first discovered in September 2011, but according to Kaspersky Lab, traces of Duqu have been tracked back to August 2007. Kaspersky Lab's anti-malware experts also discovered that the Duqu Trojan contains code written in an unknown programming language.

Duqu is a sophisticated Trojan created by the same people who made Stuxnet. Its purpose is to act as a backdoor into the system and to facilitate the theft of confidential data.

Kaspersky experts noted that the largest number of victims are in Iran. Duqu generally seeks information about production management systems in various industrial sectors, as well as information about trade relations between several Iranian companies.

One of the Duqu Trojan's greatest unsolved mysteries is how the program communicates with its Command and Control (C&C) server once it has infected a victim. The Duqu module responsible for interacting with the C&C is part of Duqu's payload DLL.

After a comprehensive analysis of the payload DLL, Kaspersky Lab researchers found that it contains a special section, dedicated to communicating with the C&C, that is written in an unknown programming language. Kaspersky Lab researchers call this unknown part the “Duqu Framework”.

Unlike the rest of Duqu, the Duqu Framework was not written in C++ and compiled with Microsoft Visual C++ 2008. The creators may have used an in-house framework to generate intermediate C code, or they may have used an entirely different programming language. Kaspersky Lab researchers have, however, determined that the language is object-oriented and performs a number of operations suited to network applications.

The language of the Duqu Framework is highly specialized and allows the payload DLL to operate independently of the other Duqu modules and to connect to the C&C through several channels, such as Windows HTTP, network sockets and proxy servers.

It also allows the payload DLL to process HTTP server requests directly from the C&C, to covertly transfer copies of stolen information from the infected machine to the C&C, and even to distribute additional malicious payloads to other devices on the network, creating a controlled, delayed spread of the infection to other computers.

“Given the scale of the Duqu project, the Duqu Framework may have been created by a separate team, different from the group that created the drivers and wrote the system infection exploits,” said Alexander Gostev, Chief Security Expert at Kaspersky Lab, as quoted in the release.

“Given the high level of customization and exclusivity of the programming language that was created, it is possible that it was created not only to prevent outsiders from understanding the cyber-espionage operation and its interaction with the C&C, but also to distinguish it from the other internal Duqu groups responsible for writing the other parts of this program,” said Gostev.

According to Alexander Gostev, creating its own programming language shows how highly skilled the developers working on this project are, and demonstrates the financial and human resources mobilized to ensure the project runs.