bobske2 (3) wrote: Looks like it's compiled in MSVC, but the framework is probably their own
What gives you that impression?
I can't see anything that suggests that...
Igor Soumenkov from Kaspersky has written a new blog post about the "unknown" programming language.
http://www.securelist.com/en/blog/677/The_mystery_of_Duqu_Framework_solved wrote: The mystery of Duqu Framework solved
In my previous blogpost about the Duqu Framework, I described one of the biggest remaining mysteries about Duqu – the oddities of the C&C communications module which appears to have been written in a different language than the rest of the Duqu code. As technical experts, we found this question very interesting and puzzling and we wanted to share it with the community.
...
So, what does that mean? In short, there are two very probable answers to our initial question:
1. The code was written using a custom OO C framework, based on macros or custom preprocessor directives. This was suggested by your comments, because it is the most common way to combine object-oriented programming with C.
2. All the code was written in OO C manually, without any extensions to the language. We can’t deny this possibility completely because, technically, it is near impossible to distinguish code written with macro directives from manually copy-pasted code.
...
Conclusions
- The Duqu Framework consists of “C” code compiled with MSVC 2008 using the special options “/O1” and “/Ob1”
- The code was most likely written with a custom extension to C, generally called “OO C”
- The event-driven architecture was developed as a part of the Duqu Framework or its OO C extension
- The C&C code could have been reused from an already existing software project and integrated into the Duqu trojan
All the conclusions above indicate a rather professional team of developers, which appear to be reusing older code written by top “old school” developers. Such techniques are normally seen in professional software and almost never in today’s malware. Once again, these indicate that Duqu, just like Stuxnet, is a “one of a kind” piece of malware which stands out like a gem from the large mass of “dumb” malicious programs we normally see.
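For anyone wondering what "OO C with macros" actually looks like, and why Kaspersky says it can't be told apart from hand-written code once compiled: here is an added example (my own, not Duqu's code and not from the Securelist post). Objects are structs whose first member points to a table of function pointers, a couple of macros hide the dispatch, and a small event loop drives the objects. The class names, event ids and macro names are invented for the illustration. `run_events_macro` and `run_events_manual` do the same thing, one through the macros and one with the macros expanded by hand, which is exactly the ambiguity the post describes.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration of the "OO C" idiom: a struct whose first member is a
 * pointer to a table of function pointers, plus macros that hide the plumbing.
 * All names, events and classes here are invented; none of this is Duqu or
 * Kaspersky code. */

typedef struct Object Object;

typedef struct VTable {
    const char *(*name)(const Object *self);
    int         (*handle_event)(Object *self, int event);
} VTable;

/* Base "class": only the vtable pointer, the C equivalent of a C++ vptr. */
struct Object {
    const VTable *vt;
};

/* The macro layer. After preprocessing, VCALL1(o, handle_event, e) is
 * literally ((Object *)o)->vt->handle_event((Object *)o, e), so the compiled
 * binary cannot show whether the macro or a hand-typed call was used. */
#define UPCAST(obj)            ((Object *)(obj))
#define VCALL0(obj, method)    (UPCAST(obj)->vt->method(UPCAST(obj)))
#define VCALL1(obj, method, a) (UPCAST(obj)->vt->method(UPCAST(obj), (a)))

/* Events for the small event-driven loop below (invented). */
enum { EV_TICK = 1, EV_RESET = 2 };

/* Derived "class" 1: counts ticks. Base struct comes first so the upcast is
 * just a pointer reinterpretation. */
typedef struct Counter {
    Object base;
    int    count;
} Counter;

static const char *counter_name(const Object *self) { (void)self; return "Counter"; }
static int counter_handle(Object *self, int event) {
    Counter *c = (Counter *)self;
    if (event == EV_TICK)       c->count++;
    else if (event == EV_RESET) c->count = 0;
    return c->count;
}
static const VTable counter_vt = { counter_name, counter_handle };

void counter_init(Counter *c) { c->base.vt = &counter_vt; c->count = 0; }

/* Derived "class" 2: echoes the event id, to show polymorphic dispatch. */
typedef struct Echo { Object base; int last; } Echo;

static const char *echo_name(const Object *self) { (void)self; return "Echo"; }
static int echo_handle(Object *self, int event) {
    Echo *e = (Echo *)self;
    e->last = event;
    return event;
}
static const VTable echo_vt = { echo_name, echo_handle };

void echo_init(Echo *e) { e->base.vt = &echo_vt; e->last = 0; }

/* Event loop written with the macros: every event goes to every object;
 * returns the sum of what the handlers returned. */
int run_events_macro(Object **objs, size_t nobj, const int *events, size_t nev) {
    int total = 0;
    for (size_t i = 0; i < nev; i++)
        for (size_t j = 0; j < nobj; j++)
            total += VCALL1(objs[j], handle_event, events[i]);
    return total;
}

/* The same loop with the macros expanded by hand. Compiled, it is identical. */
int run_events_manual(Object **objs, size_t nobj, const int *events, size_t nev) {
    int total = 0;
    for (size_t i = 0; i < nev; i++)
        for (size_t j = 0; j < nobj; j++)
            total += objs[j]->vt->handle_event(objs[j], events[i]);
    return total;
}

/* Runs a constructed event sequence on a fresh Counter and Echo.
 * Counter returns 1,2,0,1 and Echo returns 1,1,2,1, so the total is 9. */
int demo_total(int use_macros) {
    Counter c; Echo e;
    counter_init(&c); echo_init(&e);
    Object *objs[2] = { UPCAST(&c), UPCAST(&e) };
    const int events[] = { EV_TICK, EV_TICK, EV_RESET, EV_TICK }; /* constructed input */
    size_t nev = sizeof events / sizeof events[0];
    return use_macros ? run_events_macro(objs, 2, events, nev)
                      : run_events_manual(objs, 2, events, nev);
}

int main(void) {
    Counter c; counter_init(&c);
    printf("%s: via macros %d, by hand %d\n", VCALL0(&c, name),
           demo_total(1), demo_total(0));
    return 0;
}
```

Build it with any C99 compiler and compare the disassembly of `run_events_macro` and `run_events_manual`: they are the same function twice. That is the whole reason the Kaspersky post can narrow it down to "OO C" but cannot say whether macros or copy-paste were used.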