
OO C from Duqu

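When Duqu, the "son of Stuxnet", appeared, people were puzzled about which programming language it was written in.

Reportedly, it is OO C.

A discussion in a thread on a foreign site supported this conclusion. Excerpt: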


  • The Duqu Framework consists of "C" code compiled with MSVC 2008 using the special options "/O1" and "/Ob1"

  • The code was most likely written with a custom extension to C, generally called "OO C"

  • The event-driven architecture was developed as a part of the Duqu Framework or its OO C extension

  • The C&C code could have been reused from an already existing software project and integrated into the Duqu trojan


All the conclusions above indicate a rather professional team of developers, which appear to be reusing older code written by top "old school" developers. Such techniques are normally seen in professional software and almost never in today's malware. Once again, these indicate that Duqu, just like Stuxnet, is a "one of a kind" piece of malware which stands out like a gem from the large mass of "dumb" malicious programs we normally see.

For details, see: click here, it won't bite
