Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Seek Help In Solving DuQu Mystery Language

samzenpus posted more than 2 years ago | from the rosetta-stone-wanted dept.

Security 131

An anonymous reader writes "DuQu, the malicious code that followed in the wake of the infamous Stuxnet code, has been analyzed nearly as much as its predecessor. But one part of the code remains a mystery, and researchers are asking programmers for help in solving it. The mystery concerns an essential component of the malware that communicates with command-and-control servers and has the ability to download additional payload modules and execute them on infected machines."

cancel ×

131 comments

Sorry! There are no comments related to the filter you selected.

It says... (5, Funny)

Anonymous Coward | more than 2 years ago | (#39279511)

NSA Property, Keep Out.

Re:NSA (5, Insightful)

TaoPhoenix (980487) | more than 2 years ago | (#39280471)

Actually, I'll reverse the joke and gun for +1 Insightful.

Ready?

Literally why does this story even exist? This code takes out nuclear reactors and "researchers ask programmers for help"? Really?! (Does "Ask" imply they want the answer FREE?!)

So the Dept of Homeland Security is busy helping yank down file share sites and they have no time for this?

Ladies and Gentlemen and AI's, this is your answer to why we're spiralling into a mess.

Re:NSA (2, Informative)

Anonymous Coward | more than 2 years ago | (#39280523)

DHS, conspiracy theories aside, is likely conducting their own investigation into DuQu, the details of which are unlikely to be shared with the general public. TFA is about Kaspersky Labs, an independently owned security firm, asking for help from the general public.

Re:NSA (1)

Forty Two Tenfold (1134125) | more than 2 years ago | (#39282139)

DHS, conspiracy theories aside, is likely conducting their own investigation into DuQu

No need for that unless they snuffed the original developer before securing the relevant docs.~

Re:NSA (4, Funny)

lennier (44736) | more than 2 years ago | (#39282655)

DHS, conspiracy theories aside, is likely conducting their own investigation into DuQu

No need for that unless they snuffed the original developer before securing the relevant docs.~

Hey, everyone makes mistakes. That drone was supposed to have been loaded with tranquilizer darts, not Hellfires. Boy, there were some red faces in the office when we found out what happened.

Re:NSA (5, Insightful)

Baloroth (2370816) | more than 2 years ago | (#39280821)

Literally why does this story even exist? This code takes out nuclear reactors and "researchers ask programmers for help"? Really?! (Does "Ask" imply they want the answer FREE?!) So the Dept of Homeland Security is busy helping yank down file share sites and they have no time for this?

Why would DHS have anything to do with this? DuQu so far hasn't done anything to American interests (in fact, so far as I can tell, it has helped them). The people in TFA looking at the code are Kaspersky: a Russian anti-virus company. They don't even recognize the language the code is written in, much less how it works, and they are wondering if anyone of the billions of people on the Internet knows (specifically, if it is a a specialized language used in some niche industry or something). If no one does, they can be pretty sure it was a custom created language, and proceed accordingly. They aren't asking for someone to do their work for them: they are saying "hey, this look like anything anyone knows?" DHS might be looking at it too, if they didn't create it: but the story has absolutely nothing whatsoever to do with them, in any way. Not even the same continent.

Also, I don't know where you got "takes out nuclear reactors." Stuxnet did damage to nuclear centrifuges. AFAICT all DuQu seems to be doing is stealing data (private keys, actually). Bad for people who get infected, yes. Not like it is causing nuclear meltdowns or something.

Re:NSA (0)

Anonymous Coward | more than 2 years ago | (#39281975)

Getting public help on the problem helps lead them to the creators or supporters. It is a simple way of studying a social network.

Wrong. (1)

shuttah (2475982) | more than 2 years ago | (#39282577)

"This code takes out nuclear reactors and "researchers ask programmers for help"? Really?!"

No, no DuQu does not, and has never attempted to, 'take out nuclear reactors.' That was a different piece of malware.

It would benefit us all - as well as yourself - if before you commented you educated yourself on the subject of the submitted story.

Re:It says... (5, Interesting)

Beardo the Bearded (321478) | more than 2 years ago | (#39280485)

It looks to me to be the output from the PLC compiler. Clear, count, and compare are basic ladder logic commands.

If you figure out which PLCs the Iranians are using that'll give you the compiler; each brand has its own and you're really unlikely to see it if you haven't used it. How many people here have used DirectSoft? Have you seen Schneider's programming interface?

That would explain why the researchers haven't seen it. You rarely use PLCs outside of industry.

Re:It says... (1)

uhuru_meditation (2573595) | more than 2 years ago | (#39281859)

SIEMENS PLC..

Looks like the SCADA variant (2)

Taco Cowboy (5327) | more than 2 years ago | (#39282013)

I only took a glance so don't blame me if I am wrong, but it looks like the SCADA variant

More info available at http://en.wikipedia.org/wiki/SCADA [wikipedia.org]

Re:It says... (2)

chinton (151403) | more than 2 years ago | (#39280743)

No, it says "Seatec Astronomy".

Re:It says... (1)

bl968 (190792) | more than 2 years ago | (#39282923)

It's actually \|/

Mystery Code (4, Funny)

Oswald McWeany (2428506) | more than 2 years ago | (#39279541)

The mystery code isn't really much of a mystery- it's just how Duqu communicates with the sith lord.

Re:Mystery Code (0)

Anonymous Coward | more than 2 years ago | (#39279659)

The mystery code isn't really much of a mystery- it's just how Duqu communicates with the sith lord.

The apprentice or the master? Just wondering if we have to go to Bush or Cheney for more details. I'm hoping for the latter, or it will be more like a conversation with Yoda.

Re:Mystery Code (0)

Anonymous Coward | more than 2 years ago | (#39279927)

In your example WHO is the apprentice and WHO is the master. Is Bush the apprentice or is Cheney the apprentice?

Cheney was only Vice President- but he seemed to be the one calling the shots.

Re:Mystery Code (1)

mcgrew (92797) | more than 2 years ago | (#39280133)

Besides, I thought Obi Wan killed DuQu?

Re:Mystery Code (0)

Anonymous Coward | more than 2 years ago | (#39280239)

No no. You got it wrong. Anakin killed DuQu, not Obi Wan.

Re:Mystery Code (2)

dougisfunny (1200171) | more than 2 years ago | (#39281639)

Anakin actually killed both DuQu and Obi Wan.

Re:Mystery Code (2)

ericloewe (2129490) | more than 2 years ago | (#39280491)

You must be quoting that mythical Star Wars prequel trilogy that somehow spread around like wildfire. Good thing it's just a myth.

Re:Mystery Code (1)

steelfood (895457) | more than 2 years ago | (#39282891)

Sounds insidious.

So, we meet at last.... (0)

Anonymous Coward | more than 2 years ago | (#39279545)

So, we meet at last Count DuQu.
I think we should just cut to the chase and ask George Lucas totell us whether DuQu or Stuxnet shot first.

Re:So, we meet at last.... (1)

Spy Handler (822350) | more than 2 years ago | (#39280539)

My powers have doubled since the last time we met, DuQu!

Looks like assembly to me (0)

Anonymous Coward | more than 2 years ago | (#39279575)

I kid, I kid...

Re:Looks like assembly to me (3, Insightful)

PPH (736903) | more than 2 years ago | (#39279869)

I kid, I kid...

Why? Its entirely possible that this snippet of code is a piece of in-line assembly. It may have started out coming from some higher level language, but been tweaked or completely rewritten in assembly and its origin is no longer recognizable.

Re:Looks like assembly to me (3, Insightful)

forkfail (228161) | more than 2 years ago | (#39279937)

Or even self modifying assembly....

That would be a real pisser to figure out.

Any sucker (4, Funny)

AliasMarlowe (1042386) | more than 2 years ago | (#39280391)

Any sucker can tell it was written in Linda [wikipedia.org] .

Re:Any sucker (1)

PPH (736903) | more than 2 years ago | (#39282665)

Well, I couldn't tell. Because I'm the suckee, not the sucker.

Seriously, that would be kind of disturbing. A virus written using a distributed memory, multi-processor model. The more systems it infects, the more powerful it gets and the larger the problems it can handle.

Re:Looks like assembly to me (0)

Anonymous Coward | more than 2 years ago | (#39282643)

Why it's all the same code, in fact pure assembly is way cleaner and simpler to disassemble than code from a high level arena!

 

Re:Looks like assembly to me (2)

v1 (525388) | more than 2 years ago | (#39282647)

I don't understand why they are avoiding this option like the plague. C'mon... practically every compiler compiles its language into assembly and runs that through an assembler for final object code creation. (tho some will then run THAT through an optimizer etc) There's absolutely no reason for them to insist it can't be written in native assembler. I wrote many things for the 6502 that way - if you want it fast and small, that's the way to go.

And sorry, if they have to reverse it back into C++ or some other higher level language to figure out what it does, they're idiots, no better than script kiddies. I don't care of they have ten CS masters degrees. Assembly just takes a little more time to work out, it's not like it's encrypted and they don't have the key.

None of this should come as a surprise to anyone. The authors are black-hats. They make their living on buffer overflows and bug exploitation, they damn well know how to code in assembly, and specifically how to tear it apart and analyze it in fine detail. Why can't these "experts" do that?

Re:Looks like assembly to me (2)

Brett Buck (811747) | more than 2 years ago | (#39283001)

I think most are missing the point. They probably already know what it does (if they don't, given the effort they have expended, then they are boobs). What they want to do is find what the language was *in order to track down the authors* on the premise that it was some strange language only used in a few places and if they find it, they can narrow the range of likely candidates .

easy (1)

P-niiice (1703362) | more than 2 years ago | (#39279615)

hmmm yes, your average script kiddie can totally create a custom language and totally stump the entire computing universe. my daughter did it last week while looking for proxies to get around my facebook ban. no government needed!

Re:easy (0)

Anonymous Coward | more than 2 years ago | (#39279711)

...except that this wasn't written by your average "script kiddie".

Re:easy (0)

Anonymous Coward | more than 2 years ago | (#39280283)

Yeah, it was obvs written by the daughter of P-niice. Nice detective work there, AC.

Re:easy (0)

Anonymous Coward | more than 2 years ago | (#39280623)

If you think DuQu was written by "your average script kiddie", or that DuQu was written any "script kiddie", then I have a great deal on some kosher seafront land in Florida that has your name all over it!

Re:easy (1)

Havokmon (89874) | more than 2 years ago | (#39280689)

You mean you're not already running a squid/dansguardian box with NTLM auth locally and blocking all other Internet access? :)

Probably written in INTERCAL (1)

el borak (263323) | more than 2 years ago | (#39279783)

Learned INTERCAL [wikipedia.org] from Guy Steele in the Comparative Languages course at CMU.

Assembly? (0)

Anonymous Coward | more than 2 years ago | (#39279799)

Have they thought about the possibility that this was custom assembly programming and not some high level language at all?

Re:Assembly? (2)

Qzukk (229616) | more than 2 years ago | (#39280095)

Who would be insane enough to write OO code in assembly?

Re:Assembly? (2)

Surt (22457) | more than 2 years ago | (#39280201)

My dad did. Maybe he's behind this. But he was a first generation programmer. Trying to get him to move on from assembly was a pointless endeavor.

Re:Assembly? (1)

Ohrion (814105) | more than 2 years ago | (#39280299)

I'm sure he did write assembly. But Object Oriented assembly? Come on now...

Re:Assembly? (1)

Surt (22457) | more than 2 years ago | (#39280401)

No seriously. When OO became a fad he figured out how to build up macros to support an OO model.

Re:Assembly? (1)

Minwee (522556) | more than 2 years ago | (#39280417)

Right. That limits the suspects to... um... just about anyone who took a second-year computer science course above the level of "See Spot Run".

Re:Assembly? (1)

Mr Z (6791) | more than 2 years ago | (#39280427)

It's out there. I remember reading about a engine control algorithm running on a 68HC16 microcontroller in Circuit Cellar Ink back in the mid-90s, and it was written in object oriented assembler. It caught me so off-guard that I still remember it almost 20 years later.

Re:Assembly? (1)

19thNervousBreakdown (768619) | more than 2 years ago | (#39280483)

Why's that so hard to believe? I've been programming almost exclusively in object-oriented languages for 15 years now, give or take. Chances are no matter what language I write in, whatever I write is going to include many object-oriented features. If I was working with a complex assembly project, a type system would be one of the first things I came up with. From there, it's not much of a stretch to imagine you'd want to associate data with instances of that type, and functions that can operate on them. Bam! Object-oriented assembly. Private members and inheritance are just small steps from there.

Re:Assembly? (1)

rev0lt (1950662) | more than 2 years ago | (#39280699)

Or just consider that the Borland Turbo Assembler did have "native" OO support, and that there are a ton of MASM OO macros than can be somewhat easily adapted to any modern assembler.

Re:Assembly? (0)

Anonymous Coward | more than 2 years ago | (#39281049)

You don't have to use an object oriented language to do object oriented programming, it just makes it easier to do so. On the Fidonet 80XXX echo back in the early '90s there was a tutorial series on writing generic object oriented x86 assembly. On the other hand, Borland's TASM assembler also supported OOP natively. [lynchburg.edu]

Seriously! (5, Insightful)

HiggsBison (678319) | more than 2 years ago | (#39282761)

I'm sure he did write assembly. But Object Oriented assembly?

I'm incredulous that you are incredulous. I thought I saw a book about that somewhere. So I walked over to my tall stack of random language books and there it is:
Object-Oriented Assembly Language, Len Dorfman, McGraw-Hill, 1990

I hereby thwack you upside the head.

Re:Assembly? (1)

SmurfButcher Bob (313810) | more than 2 years ago | (#39280365)

> from assembly was a pointerless endeavor.

ftfy.

Re:Assembly? (1)

Nadaka (224565) | more than 2 years ago | (#39280649)

I did when I was college.

Re:Assembly? (1)

rev0lt (1950662) | more than 2 years ago | (#39280669)

I *wish* my day-to-day job was OO asm development. I've done a fair amount of x86 OO programming, and it is quite easy (if you're fluent in asm).

Re:Assembly? (1)

JonySuede (1908576) | more than 2 years ago | (#39281381)

Re:Assembly? (1)

IwantToKeepAnon (411424) | more than 2 years ago | (#39281745)

I have also. TASM (Borland's Turbo Assembler) had support for it. The assembler would manage a vtable for you among other things. I've also programmed OO in Korn shell. Why OO in assembler or ksh? Because it was the right tool for the job and OO principals can be used anywhere they make sense and help the effort. It's not as far out there as you make it seem.

Re:Assembly? (0)

Anonymous Coward | more than 2 years ago | (#39282405)

It's not that hard. It fact, it makes work in assembly easier.

Re:Assembly? (1)

PPH (736903) | more than 2 years ago | (#39282807)

Not the whole app. According to TFA, it was written in C++. They even know which implementation. But this particular function (subroutine, method, whatever) appears not to be written in that.

Its something different. Or someone banged out some ASM by hand. If they can figure out what language this routine was written in, they can narrow down the list of possible authors*.

* Come on now. You didn't think the NSA wasn't scraping all the developers' resumes from LinkedIn to build a skill set database to figure out who wrote what, did you?

Re:Assembly? (1)

hawkbat05 (1952326) | more than 2 years ago | (#39280379)

By the sounds of the article they haven't ruled that out. They're just checking to see if it could be a higher level language that would help identify the writer(s).

Re:Assembly? (1)

tibit (1762298) | more than 2 years ago | (#39280441)

That's beside the point. Who the fuck cares what is the imaginary high level language this stuff was written in? They are analyzing the somewhat annotated disassembly anyway. To me it looks like it may be the output from some PLC environment. Perhaps it's CoDeSys output. It doesn't matter anyway, there are no tools that will take this and restore the source. It's not like you need something uber-fancy anyway to help with what's the key here: figuring out what the code does.

Re:Assembly? (1)

hawkbat05 (1952326) | more than 2 years ago | (#39281459)

The researchers care what high level language was used. It could help identify who wrote it since it's likely that the language has a small user base.

Re:Assembly? (1)

tibit (1762298) | more than 2 years ago | (#39281623)

Good point, although compared to mainstream tools like MSVC, almost everything has a "small" user base.

Re:Assembly? (1)

lightknight (213164) | more than 2 years ago | (#39282165)

Because it annoys the PhDs, that's why they care.

Think about it. We use high-level languages because it expresses an idea in fewer words. If I call a TextBox control in C#, that's simpler than the equivalent in Assembly. These people, of course, are annoyed, because without knowing what the higher language was (assuming there was one used), it will take their minds years to analyze what exactly the code is dong; whereas if they knew what the higher language was, they could create a decompiler, and have something approaching the original source code in a few weeks / months.

     

Re:Assembly? (1)

tibit (1762298) | more than 2 years ago | (#39282985)

Creating a "decompiler" isn't exactly trivial. The types of analyses you have to do on machine code compiled with today's optimizing compilers are fairly generic, they will give you some higher-level representation of the code no matter what was the underlying language. Those tools recognize certain patterns to provide even higher level information, but at a basic level they pretty much repeat what a compiler would do: there's data flow and control flow analysis, and a whole lot of inference based on those. I'm sure there's a whole lot of techniques and tricks published...

answer is simple (1)

Anonymous Coward | more than 2 years ago | (#39279831)

It's in ROT-13 Pig Latin.

I'll take my paycheck in gum, Trident Layers to be specific.

iron python (0)

koan (80826) | more than 2 years ago | (#39279835)

It's iron python.

Re:iron python (0)

Anonymous Coward | more than 2 years ago | (#39282053)

Iron Python, a .Net language that compiles to IL byte code that is JIT compiled by the .Net runtime?

Since it's the runtime doing the compiling, how can you be confident it's IronPython at all, over any other .Net language?

Re:iron python (2)

Mr Z (6791) | more than 2 years ago | (#39283129)

Ok, you and someone on the article both said the same thing, with absolutely nothing to back it up. Care to elaborate? I'm particularly curious how a .NET bytecode executable ends up as baroque machine code as opposed to CLI bytecode like most .NET languages.

Uhh what? (1)

JustNiz (692889) | more than 2 years ago | (#39279909)

...and here's me thinking that compiled code has already been reduced to machine code.

Re:Uhh what? (3, Interesting)

Zocalo (252965) | more than 2 years ago | (#39280103)

Of course it has, but that's not the point. There's potentially something unusual here, so if you can work out what language/compiler/linker was used there might be a clue to the identity of the code's author(s). It wouldn't be the first time that a piece of malware has been written in an experimental language developed for educational purposes and seldom, if ever, seen outside that educational establishment. It would only be circumstatial evidence of course, but it's still better than nothing and might help narrow the field enough to get a lead on the authors.

Re:Uhh what? (1)

spads (1095039) | more than 2 years ago | (#39280317)

Could be that it's a completely custom compiler which the thing downloads then wipes after use. Unless someone recognizes the language, it might be quite hard to figure out.

"This compiler will self-destruct in 10 seconds - 'squelch...'"

Re:Uhh what? (1)

lightknight (213164) | more than 2 years ago | (#39282177)

Or just a regular code obfuscator.

Re:Uhh what? (1)

Anonymous Coward | more than 2 years ago | (#39280115)

Assembler is a 1-to-1 correlation with machine code. Simple software can switch between the two.
As explained in the article (blasphemy, I know), high-level languages and the compilers they use tend to leave evidence in the machine code, which can be recognized by some of the real code-nutters when decompiled into assembler.

Re:Uhh what? (1)

rev0lt (1950662) | more than 2 years ago | (#39280781)

I've seen hand-written assembly listings and guessed correctly how many programmers worked on it, and which ones did what. Most compilers do leave a signature, specially if the code is compiled with optimizations - there are many ways of implementing the same base algorithms, and the key tricks show on the disassembly.

Re:Uhh what? (3, Insightful)

19thNervousBreakdown (768619) | more than 2 years ago | (#39280583)

A compiler takes your high-level language instructions, and generates the many, many low-level instructions it might take to express a given high-level instruction. The thing is, much like there's many ways to write a cover letter for a resume, there's a lot of different ways to do that high->low expression, but a compiler writer is unlikely to bother with more than one way, or maybe a couple others if there's some benefit to doing so.

A person on the other hand, will have all sorts of random variations in what they write. Oh, they'll come up with certain ruts, and have a certain style, but the won't be exactly the same every single time.

Compilers also do useless stuff. For a car analogy, it's kind of like the tow hooks under your bumper--most of the time they aren't used. A person isn't going to bother to put them there if they're not currently needed or they can envision a need for them--a compiler never forgets to put those hooks there, and sometimes puts them there even when it's redundant. Optimization gets rid of that kind of thing, but no compiler is perfect, and they're often conservative.

Re:Uhh what? (1)

Anonymous Coward | more than 2 years ago | (#39282739)

+1 CarAnalogy

huh? (0)

Anonymous Coward | more than 2 years ago | (#39280007)

Isn't all code self-documenting?

looks like a (0)

Anonymous Coward | more than 2 years ago | (#39280045)

the work of a Culture Mind. Call Mr. Banks.

Why should I care? (0, Insightful)

Anonymous Coward | more than 2 years ago | (#39280135)

Somebody obviously knows. They aren't telling due to penalty of losing their job and perhaps going to Federal prison. As they say, it's highly likely it's an in-house language. The resources required to create Stuxnet are said to require a nation or at least a corporation, and a motive which points the fingers at Israel and the USA. If I solve this problem the answer is something like, whoop-de-do, "DuQu is this guy's PhD dissertation applied to malware". Wow. Like, who cares?

Re:Why should I care? (1)

AHuxley (892839) | more than 2 years ago | (#39281157)

Like, who cares? This code is like Sputnik in orbit above your country - it sets the new legal framework that its ok to mess with industrial computers world wide and get to hide behind state support.

it was written in assembly language (3, Funny)

circletimessquare (444983) | more than 2 years ago | (#39280163)

that's just a guess

but the level these guys are working at here, something well above script kiddie and slightly below elder neckbeard, it seems entirely plausible to me

Re:it was written in assembly language (2)

spads (1095039) | more than 2 years ago | (#39280829)

I think it could be even well above the advanced neck beard. These guys wanted to do all the damage possible, without giving them any technology they could figure out and use.

Re:it was written in assembly language (4, Interesting)

VortexCortex (1117377) | more than 2 years ago | (#39281951)

Well, if it's above the advanced level of Neck-beard the Gray then it's even more advanced than something like a tiny VM that interprets encrypted bytecode and has re-allocatable variable width opcodes such that the second time you encounter an instruction it may not do the same thing. Eg: my opcodes are Arithmetic encoded and encrypted with an evolving 12bit block cipher; Additionally, each execution swaps a few "function pointers" that the op-codes invoke. The compiler for my VM makes several passes to discover the optimal compression, encryption, and initial opcode-to-action table to use. To reverse engineer such a beast requires manually stepping through machine code from the very first instruction -- That is, given a partial sample of code: no amount of visual analysis will reveal what it does. The language used to write programs for it? ASM, or a subset of C; Though it could be Java, Python or any other high level language -- That's the beauty of compilers.

Not saying this is what's been done, just that I've done and seen some VERY wicked code. I once cracked DRM that was implemented in enciphered MIPS and used such an embedded VM. It looked like the input language for the generated opcode was C.

The government employees paid to come up with such a thing would be at most on-par with the masses of crypto nerds that joygasm over such things -- Who do you think they would hire? There's not some magical government-only breed of human with super hacker powers... Ergo, they must hire from the available pool of people, and since they don't hire us all, or even necessarily the absolute brightest, the highest level of hackerdom they could employ would be on-par with "the advanced neck beard" at most.

Re:it was written in assembly language (5, Funny)

circletimessquare (444983) | more than 2 years ago | (#39282237)

fine, you've made your point

but the official coder manual officially classifies neckbeards as

young neckbeard, adult neckbeard, elder neckbeard, and ancient neckbeard

with Hit Points 100, 300, 700, and 1500, respectively

the ancient variety is allowed to cast Befuddlement at will with a savings throw adjustment of -6 on your character's intelligence rating. i see you tried to cast that spell in your past post

but i have no idea what this "advanced" neckbeard is you refer too. i don't think such a neckbeard classification exists... oh shoot, did you just Befuddle me?

fine, i'll wait out the next 3 turns

*sigh*

Proprietary (0)

Anonymous Coward | more than 2 years ago | (#39280195)

It's a proprietary framework used at McAfee... DMCA!

Enough of this SMALLTALK... (0, Funny)

Anonymous Coward | more than 2 years ago | (#39280265)

Enough of this SMALLTALK this DuQu language is BASIC to understand. It is PICO fast, runs sweet as MAPLE, and I hear is easy to MAKE. Be LUCID and CLEAN - you don't need to wear LaTeX, know a person named LISA, or any other LINGO. To let this FELIX GENIE out of it's DRACO bottle all you need to do it talk to a TUTOR. In the meantime CHILL out and enjoy some JAVA. Now Go, GO!

It's either: (4, Funny)

blueforce (192332) | more than 2 years ago | (#39280279)

Objective-Brainfuck or Brainfuck with Classes

Possibly? (1)

Authustian (988451) | more than 2 years ago | (#39280421)

Could it be possible that the authors came up with their own language, and/or compiler?

In Chinese ... (0)

Anonymous Coward | more than 2 years ago | (#39280697)

"Duqu" in Chinese Pinyin means "to read (some data)" ... LOL

erlang (5, Insightful)

slew (2918) | more than 2 years ago | (#39280815)

My guess is that it's probably erlang. It fits all the descriptions of how erlang works. Erlang is used in all sorts of realtime systems, it wouldn't be a stretch to see that it was used in a virus library. Someone that is in the Telecom or Network infrastructure industry might be familiar with Erlang and that type of person might also be the same type of person that knows enough about networks and network vunerabilities to architect a framework for virus distribution.

Re:erlang (0)

Anonymous Coward | more than 2 years ago | (#39280879)

Agree.

Re:erlang (1)

tibit (1762298) | more than 2 years ago | (#39280919)

+1 insightful. I haven't thought of Erlang!

Re:erlang (1)

Panaflex (13191) | more than 2 years ago | (#39281957)

But wouldn't erlang would have separate functions for each callback? Everything else is very similar.

Another architecture this looks similar too is the X Toolkit event library...

Perl (2)

0100010001010011 (652467) | more than 2 years ago | (#39280891)

That clearly looks like perl to me.

Re:Perl (5, Funny)

larien (5608) | more than 2 years ago | (#39280949)

Can't be perl. It's far too readable, for a start.

Re:Perl (1)

youn (1516637) | more than 2 years ago | (#39281365)

IMHO compiling may actually make it more readable :p

FTFA (1)

g0bshiTe (596213) | more than 2 years ago | (#39280915)

They don't know the language? Why are they concerned with the language it was written in? What if it was written in C++ or C on ARM and cross compiled for x86, would it look funky like that? Or is it possible it's compiled in TASM and they are actually looking at a 16-bit code segment where most of them have never seen less than 32-bit code?

the decoded message is (2, Funny)

Eponymous Coward (6097) | more than 2 years ago | (#39280963)

"Be sure to drink your Ovaltine."

Re:the decoded message is (1)

cant_get_a_good_nick (172131) | more than 2 years ago | (#39281257)

"Be sure to drink your Ovaltine."

Or you'll shoot your eye out?

Duh.. (1)

JohnnyOpcode (929170) | more than 2 years ago | (#39281175)

It's ADA..I'll let you figure out which compiler exactly ;)

j.

Spin language? (1)

colin_faber (1083673) | more than 2 years ago | (#39282287)

This looks a lot like "Spin" from a company called parallax. It's a proprietary programming language used to control their pic and hyperpic processors.

What about object pascal? (0)

Anonymous Coward | more than 2 years ago | (#39282305)

I guess pascal has some -if not all- of the listed features, and there are multiple compilers (and plenty of older versions) to chaos from such as mainstream FPC, Delphi, and some study / experimental.

Forth ? (1)

eulernet (1132389) | more than 2 years ago | (#39283131)

One of the comments on the page already said that.

I remember I disassembled Forth a lot of years ago.
It comes in 2 flavours: interpreted and compiled.
It relies on RPN heavily.
It's a very compact language, both in source and in compiled form.
You extend the language by using "words", and it's like OOP.

It's one of the weirdest language I ever used.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>