Researchers stumped over mystery code in Duqu malware

Analysts at Kaspersky Lab are calling for help from the security community in identifying a mysterious section of code in the Duqu malware, which may have been created in an entirely new programming language.

The company said that a close analysis of Duqu's makeup has revealed that the infection runs with with several different layers of components. While the company has broken down most of the infection to common C++ code, a specific section of the malware could not be decoded.

The unknown section, referred to as the 'Duqu Framework' contained a number of characteristics which are not believed to be C++ programming. Addtionally, Kaspersky ruled out common programming platforms such as Python, Java and Objective C.

"After having performed countless hours of analysis, we are 100 per cent confident that the Duqu Framework was not programmed with Visual C++," Kaspersky Lab researcher Igor Soumenkov said in the report.

"It is possible that its authors used an in-house framework to generate intermediary C code, or they used another completely different programming language."

Soumenkov suggested that the mysterious code could be the work of a separate collaborator, indiciating that multiple parties worked to develop the infection.

To help identify the malware, the company is calling on the security community to help analyse the code and suggest what possible language or technique the Duqu framework is employing.

First publicised in the fall of 2011, the Duqu malware has largely been spotted on systems in the Middle East and North Africa regions.

Researchers have noted a number of similarities in the behaviour and spread of Duqu with the infamous Stuxnet malware, leading some researchers to dub Duqu as the "successor" to Stuxnet.