ID :IRCNE2012061521
Date: 2012-06-12
According to Computerworld, security researchers today said that they have found a direct link between the notorious Stuxnet worm and the more-recently-discovered Flame espionage malware, indicating that the two teams cooperated and collaborated.
"We're very confident that the Flame team shared some of their source code with the Stuxnet group," Roel Schouwenberg, a senior researcher with Moscow-based Kaspersky Lab, said in an online presentation early Monday about the company's findings. "It's conclusive proof that the two worked together, at least once."
Stuxnet was first discovered in mid-2010, but researchers later traced its first variant, and first attack, to June 2009.
Flame's timeline is more murky, but most researchers agree that it goes back at least to 2010.
Today, Kaspersky said that its analysis shows that Flame harks back to no later than the summer of 2008, perhaps earlier.
The two pieces of malware, each included a module that appears to originate from the same source code, likely written by a single programmer. That module was used to infect Windows PCs through USB flash drives, and exploited a vulnerability that was patched in June 2009.
"Flame was a kick-starter," Schouwenberg said, explaining the use of the code similar to both Stuxnet and Flame. "In 2010, the Stuxnet group removed that [module], and each team went their separate ways."
Schouwenberg said he wasn't sure why the Stuxnet group pulled the attack module, but speculated that it was because Microsoft patched it several months after its creation. Later versions of Stuxnet relied on a different -- and at the time also unpatched -- vulnerability to do the work of the yanked module. "It was no longer needed, and maybe [the Stuxnet team] did not want to jeopardize the Flame operation."
In a detailed blog post, Kaspersky spelled out the similarities between the modules in both pieces of malware.
Related Topics:
Flame’s suicide
Microsoft Emergency Update
Identification of a New Targeted Cyber-Attack
- 2