Earlier this month, security researchers from Kaspersky Lab asked for help identifying an “unknown” programming language in the Duqu trojan. Now they have their answer: the Duqu Framework was written in C and compiled with MSVC 2008 using the special options “/O1” and “/Ob1.” In addition, they believe the code in question was likely written with “OO C,” a custom extension for C.
“All the conclusions above indicate a rather professional team of developers, which appear to be reusing older code written by top ‘old school’ developers,” said Kaspersky Lab’s Igor Soumenkov. “Such techniques are normally seen in professional software and almost never in today’s malware. Once again, these indicate that Duqu, just like Stuxnet, is a ‘one of a kind’ piece of malware which stands out like a gem from the large mass of ‘dumb’ malicious programs we normally see.”