Slashdot Mirror


Researchers Seek Help In Solving DuQu Mystery Language

An anonymous reader writes "DuQu, the malicious code that followed in the wake of the infamous Stuxnet code, has been analyzed nearly as much as its predecessor. But one part of the code remains a mystery, and researchers are asking programmers for help in solving it. The mystery concerns an essential component of the malware that communicates with command-and-control servers and has the ability to download additional payload modules and execute them on infected machines."

8 of 131 comments

  1. It says... by Anonymous Coward · · Score: 5, Funny

    NSA Property, Keep Out.

    1. Re:It says... by Beardo the Bearded · · Score: 5, Interesting

      It looks to me to be the output from the PLC compiler. Clear, count, and compare are basic ladder logic commands.

      If you figure out which PLCs the Iranians are using that'll give you the compiler; each brand has its own and you're really unlikely to see it if you haven't used it. How many people here have used DirectSoft? Have you seen Schneider's programming interface?

      That would explain why the researchers haven't seen it. You rarely use PLCs outside of industry.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  2. Re:NSA by TaoPhoenix · · Score: 5, Insightful

    Actually, I'll reverse the joke and gun for +1 Insightful.

    Ready?

    Literally why does this story even exist? This code takes out nuclear reactors and "researchers ask programmers for help"? Really?! (Does "Ask" imply they want the answer FREE?!)

    So the Dept of Homeland Security is busy helping yank down file share sites and they have no time for this?

    Ladies and Gentlemen and AI's, this is your answer to why we're spiralling into a mess.

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  3. erlang by slew · · Score: 5, Insightful

    My guess is that it's probably erlang. It fits all the descriptions of how erlang works. Erlang is used in all sorts of realtime systems, it wouldn't be a stretch to see that it was used in a virus library. Someone that is in the Telecom or Network infrastructure industry might be familiar with Erlang and that type of person might also be the same type of person that knows enough about networks and network vulnerabilities to architect a framework for virus distribution.

  4. Re:NSA by Baloroth · · Score: 5, Insightful

    Literally why does this story even exist? This code takes out nuclear reactors and "researchers ask programmers for help"? Really?! (Does "Ask" imply they want the answer FREE?!) So the Dept of Homeland Security is busy helping yank down file share sites and they have no time for this?

    Why would DHS have anything to do with this? DuQu so far hasn't done anything to American interests (in fact, so far as I can tell, it has helped them). The people in TFA looking at the code are Kaspersky: a Russian anti-virus company. They don't even recognize the language the code is written in, much less how it works, and they are wondering if anyone of the billions of people on the Internet knows (specifically, if it is a specialized language used in some niche industry or something). If no one does, they can be pretty sure it was a custom created language, and proceed accordingly. They aren't asking for someone to do their work for them: they are saying "hey, this look like anything anyone knows?" DHS might be looking at it too, if they didn't create it: but the story has absolutely nothing whatsoever to do with them, in any way. Not even the same continent.

    Also, I don't know where you got "takes out nuclear reactors." Stuxnet did damage to nuclear centrifuges. AFAICT all DuQu seems to be doing is stealing data (private keys, actually). Bad for people who get infected, yes. Not like it is causing nuclear meltdowns or something.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  5. Re:Perl by larien · · Score: 5, Funny

    Can't be perl. It's far too readable, for a start.

  6. Re:it was written in assembly language by circletimessquare · · Score: 5, Funny

    fine, you've made your point

    but the official coder manual officially classifies neckbeards as

    young neckbeard, adult neckbeard, elder neckbeard, and ancient neckbeard

    with Hit Points 100, 300, 700, and 1500, respectively

    the ancient variety is allowed to cast Befuddlement at will with a savings throw adjustment of -6 on your character's intelligence rating. i see you tried to cast that spell in your past post

    but i have no idea what this "advanced" neckbeard is you refer to. i don't think such a neckbeard classification exists... oh shoot, did you just Befuddle me?

    fine, i'll wait out the next 3 turns

    *sigh*

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  7. Seriously! by HiggsBison · · Score: 5, Insightful

    I'm sure he did write assembly. But Object Oriented assembly?

    I'm incredulous that you are incredulous. I thought I saw a book about that somewhere. So I walked over to my tall stack of random language books and there it is:
    Object-Oriented Assembly Language, Len Dorfman, McGraw-Hill, 1990

    I hereby thwack you upside the head.

    --
    My other car is a 1984 Nark Avenger.