Flame and Stuxnet Developers Worked Together, Researchers Say

News Posted: Mon, Jun 11 2012 2:19 PM
After researchers identified the terrifying Flame malware recently, they called it the most sophisticated cyber weapon they’d ever seen, which is impressive, considering how powerful the Stuxnet and Duqu bugs that wrought havoc in the Middle East a couple of years ago were.

As it turns out, Flame and Stuxnet and Duqu have quite a bit in common. Kaspersky Lab has now had a chance to dissect Flame, and they have discovered strong evidence that the teams who developed Flame and Stuxnet worked together. (Previously, they determined that Stuxnet and Duqu were built on the same platform, called “Tilded”, which indicates that there was collaboration there, as well.)


Left: code from the DecrypString function from Resource 207; right: the same from Flame

The biggest piece of evidence pertains to a module called “Resource 207”, which was in one of the early versions of Stuxnet and is more or less replicated in Flame. Resource 207’s job was to spread the infection from machine to machine. The code found in Resource 207 and the similar code in Flame share, according to Kaspersky Lab, “the names of mutually exclusive objects, the algorithm used to decrypt strings, and the similar approaches to file naming.” Although researchers determined that Flame and Stuxnet/Duqu are built on different platforms, further similarities indicate that the Flame and Stuxnet teams flat-out swapped source code with one another, showing close collaboration at some point.


How it spreads

In a statement, Kaspersky Lab’s Chief Security Expert Alexander Gostev said:

The projects were indeed separate and independent from each other. However, the new findings that reveal how the teams shared source code of at least one module in the early stages of development prove that the groups cooperated at least once. What we have found is very strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected.

There are more details available from Secure List, in a detailed blog post.

The only good news here is that for the most part, consumers aren’t affected.
eunoia replied on Tue, Jun 12 2012 3:07 AM

.

...pending.

3vi1 replied on Tue, Jun 12 2012 10:24 PM

Things will be much better once the "Certified Windows8 Compatible" bootloaders are released. When only software signed by Microsoft, or that made by anyone with $99 and Verisign's email address, is allowed to run on your PC, you'll be totally safe.

What's that, imaginary voice in my head? Flame was signed with a cert derived from an MS cert and represented itself as MS software? And... Timmy fell down a well?

Well... I have a lot of stuff to work out right now - but I think we can agree that security systems that rely on you to trust one major corporation with a history of security failures to be totally secure from top to bottom is not a great life-plan.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.
