High Level Coding Language Used To Create New POS Malware

An anonymous reader writes: A new malware framework called ModPOS is reported to pose a threat to U.S. retailers, and has some of the highest-quality coding work ever put into a ill-intentioned software of this nature. Security researchers iSight say of the ModPOS platform that it is 'much more complex than average malware'. The researchers believe that the binary output they have been studying for three years was written in a high-level language such as C, and that the software took 'a significant amount of time and resources to create and debug'.

C is high level?

[Dutch+Gun]

I think they're misusing the term "high level" when it comes to programming languages. I suspect what they're trying to get at is that it's sophisticated and competently coded.

I wonder why they assume it's C and not C++, incidentally, since they're presumably looking at decompiled assembly? I haven't done much C vs C++ side-by-side analysis of the two... is there an obvious difference in the generated assembly? I guess maybe v-table structures would point to C++, where C programmers likely wouldn't invent such constructs.

Re:C is high level?

[vux984]

is there an obvious difference in the generated assembly?

There would be in most projects that were not outright trying to obscure they were using C++.

Its been a while since I looked at disassembled code, but you used to be able to easily tell what compiler and even version of that compiler was used just from the boilerplate setup code; the way things were 'arranged', exception handlers etc, and obviously library usage was frequently a dead giveaway. Your not going to see a either an iostream or an STL container in a C program.