Xenophilia (True Strange Stuff)

Blog of the real Xenophilius Lovegood, a slightly mad scientist

Stuxnet And Flame Appear To Be Close Cousins

Posted by Xeno on June 15, 2012

The malware commonly known as “Flame” appears to have a common origin with the military-grade Stuxnet worm.

That assessment comes from Kaspersky Labs, which has been comparing the two pieces of malware since Flame gained notoriety after being discovered by the Iranian government two weeks ago as part of an alleged attack on the country’s oil facilities.

According to a blog post from Kaspersky researchers, “a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda.” Kaspersky now considers the module in question to be a Flame plug-in.

This discovery reverses the company’s earlier position, which held that Flame and Stuxnet showed no obvious link or common software ancestor, despite the fact that both attacks were concentrated on the Middle East, shared similar modes of transmission via USB storage devices, exploited the Windows auto-run feature, and exploited a print spooler vulnerability.

The Kaspersky report goes on to say that the two pieces of malware appear to have taken separate directions at some point after 2009, potentially caused by each worm being assigned to separate development teams. Flame, however, appears to have been created first, and one of its modules was apparently used in the development of Stuxnet, potentially to exploit a zero-day vulnerability that enabled an escalation of privileges in a manner that was later patched by Microsoft. That module was removed in 2010, subsequent to the issuance of the patch.

A number of news reports point to the U.S. and Israeli governments as the ultimate sources of Flame, Stuxnet, or both. While neither has become an issue for corporate networks at this point, channel partners say it will likely foster a renewed interest in information security.

via Stuxnet And Flame Appear To Be Close Cousins.


One Response to “Stuxnet And Flame Appear To Be Close Cousins”

  1. greypost said

    I just posted about the reaction (or the lack of it) to the discovery of Stuxnet.
