Hey Frenzz...
Some time ago, Kaspersky Lab asked the programming community for help with one of the hardest problems in the analysis of the Duqu Trojan: identifying an unknown piece of code located inside the main module of the Trojan (the Payload DLL). Russian hackers reported that this fragment, which the anti-virus experts designated the "Duqu Framework", is the part of the Payload DLL responsible for communication with the command-and-control (C&C) server once a victim's computer has been infected.
After analysing a large number of messages from programmers around the world, Kaspersky Lab's experts concluded that the Duqu Framework consists of source code written in C, compiled and optimised with Microsoft Visual Studio 2008. In addition, the developers used an object-oriented extension of C (so-called "OO C"): C code organised as objects, with hand-built tables of function pointers standing in for classes and methods. This style of programming is typical of serious "civilian" software projects and is not seen in today's malware.
No definitive answer has yet been found to the question of why the Duqu Framework was written in OO C rather than C++. However, according to Kaspersky Lab's experts, the most probable reasons are the following:
* Greater control over the code. When C++ appeared, many "old school" programmers refused to adopt it because of its implicit memory management and complex constructs that cause code to execute implicitly (constructors, destructors, overloaded operators). With plain C, every call and every allocation is visible in the source, so the resulting framework is more predictable and less prone to unexpected behaviour.
* High portability. For many years there was no single standard that all C++ compilers followed, so code could run into compatibility problems when moved between compilers from different vendors. Using C allows the same code to be built for any existing platform, without the limitations of C++.
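To make the "object-oriented C" style concrete, here is an added example written for this post; it is not Duqu code and not Kaspersky's, and the names (Channel, MemChannel, ChannelOps) are hypothetical. It shows the idiom the analysts were describing: a struct whose first field points to a hand-built table of function pointers (a manual vtable), "methods" that take an explicit `self` pointer, a "constructor" that wires the table in, and a generic caller that dispatches through the table without knowing the concrete type. Note that nothing happens implicitly: construction, dispatch, failure and cleanup are all spelled out, which is exactly the "greater control" argument above.

```c
/* Added example of the object-oriented C idiom (hypothetical names,
 * not code from the Duqu Framework or from Kaspersky Lab). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct Channel;  /* forward declaration of the "base class" */

/* Hand-built vtable: one function pointer per "virtual method". */
struct ChannelOps {
    int  (*send)(struct Channel *self, const char *data, size_t len);
    void (*destroy)(struct Channel *self);
};

/* "Base class": the table pointer is always the first field, so a
 * generic caller only needs to know this layout. */
struct Channel {
    const struct ChannelOps *ops;
    size_t bytes_sent;
};

/* "Subclass": base object first, then its own fields. */
struct MemChannel {
    struct Channel base;
    char buffer[64];
    size_t used;
};

/* "Method": explicit self pointer, explicit downcast, explicit failure. */
static int mem_send(struct Channel *self, const char *data, size_t len)
{
    struct MemChannel *m = (struct MemChannel *)self;
    if (len > sizeof m->buffer - m->used)
        return -1;                      /* would overflow: refuse */
    memcpy(m->buffer + m->used, data, len);
    m->used += len;
    self->bytes_sent += len;
    return (int)len;
}

/* "Destructor": called by hand, never implicitly. */
static void mem_destroy(struct Channel *self)
{
    free(self);
}

/* One shared table per "class", like a compiler-generated vtable. */
static const struct ChannelOps mem_channel_ops = { mem_send, mem_destroy };

/* "Constructor": allocate the object and wire up its table. */
struct Channel *mem_channel_new(void)
{
    struct MemChannel *m = calloc(1, sizeof *m);
    if (m == NULL)
        return NULL;
    m->base.ops = &mem_channel_ops;
    return &m->base;
}

/* Generic caller: dispatches through the table without knowing the
 * concrete type. Returns total bytes accepted, or -1 on first failure. */
int channel_send_all(struct Channel *ch, const char *const *msgs, size_t n)
{
    size_t i;
    int total = 0;
    for (i = 0; i < n; i++) {
        int r = ch->ops->send(ch, msgs[i], strlen(msgs[i]));
        if (r < 0)
            return -1;
        total += r;
    }
    return total;
}

/* Demo with constructed input: two small messages are accepted (10 bytes),
 * a 70-byte message is rejected, and the object is freed explicitly.
 * Returns the accepted byte count (10), or a negative code on error. */
int demo_oo_c(void)
{
    static const char *const msgs[] = { "hello", "world" };
    char big[70];
    struct Channel *ch = mem_channel_new();
    int total;

    if (ch == NULL)
        return -1;
    total = channel_send_all(ch, msgs, 2);
    memset(big, 'A', sizeof big);
    if (ch->ops->send(ch, big, sizeof big) != -1)
        total = -2;                     /* oversized send must fail */
    ch->ops->destroy(ch);
    return total;
}

int main(void)
{
    printf("bytes accepted: %d\n", demo_oo_c());
    return 0;
}
```

In a compiled binary this idiom leaves recognisable traces: a block of function pointers in read-only data, every function taking the object pointer as its first argument, and indirect calls through that table; that is the kind of pattern the analysts had to recognise without the source at hand.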
"Our study, in which our colleagues, the programmers, played an important role, gives every reason to believe that the code was written by a team of experienced 'old school' developers. Their goal was to create an easily modifiable and portable platform for cyber attacks. This code could have been used earlier and later modified and used in the Duqu Trojan," says Igor Sumenkov, anti-virus expert at Kaspersky Lab. "This technique is commonly used by high-end professional developers and almost never occurs in conventional malicious programs."