Aren't these the guys who wigged out because they thought Duqu was written in an entirely new custom virus language? And it was actually Visual C++? The second most common compiler on the planet? (after GCC) I would take their analysis with a big pinch of salt.
Not really; they just did OO with C structs and function pointers. This is actually how it used to be done in high-performance code like computer graphics before C++ got fast enough. And the "obfuscation" was passing the -O flag to the compiler...
Any group of reverse engineers who notice C calling conventions and conclude the function parameters are so uniform that it must absolutely be a deadly new HACKER LANGUAGE need to be taken out back and shot, but I doubt any actual engineers were responsible for that announcement.
From the official blog post:
>There are however some links which could indicate that the creators of Flame had access to technology used in the Stuxnet project - such as use of the “autorun.inf” infection method
If I'm not mistaken, you can find YouTube videos on how to exploit autorun.inf to make a prank virus. I'm with you on these guys missing easy stuff.
That was actually my first thought as well. To be fair, it was C with Simple Object Orientation, so not quite as terrible as misidentifying C++ straight up, though it was still a bit of a fiasco.
From their perspective, I'm sure (over)hyping everything new they analyze as the next 'big deal' helps business even if they are wrong about the details on occasion.