Flame Malware Code Traced To Stuxnet
Source: Information Week
By Mathew J. Schwartz InformationWeek
June 11, 2012 11:45 AM
Did the U.S. government commission the recently discovered Flame malware? According to new research, the developers of the Stuxnet and Flame malware families crossed paths--swapping source code at least once--which suggests that the U.S. government didn't just commission Stuxnet, but Flame as well.
"In 2009, part of the code from the Flame platform was used in Stuxnet," said Alex Gostev, the chief malware researcher at Kaspersky Lab, Monday in a blog post. "We believe that source code was used, rather than complete binary modules," he said, which suggests some degree of collaboration or crossover.
But based on Kaspersky's ongoing teardowns of the Flame malware discovered in late May, he believes that "since 2010, the platforms have been developing independently from each other, although there has been interaction at least at the level of exploiting the same vulnerabilities."
According to published news reports, senior White House officials have said that the United States led Stuxnet development, working with Israel. Hence if Stuxnet and Flame are related, it suggests that the United States is also behind the complex Flame malware.
Read more: http://www.informationweek.com/news/security/attacks/240001841
HubertHeaver
(2,522 posts)
dipsydoodle
(42,239 posts)
that Flame is c. 350 more complex than Stuxnet. Stuxnet had already been broken down and put to commercial use by others and doubtless similar will now occur with Flame.
Whoever created it/them should take care of what they wished. Sudden failure of their air traffic control system for example might not be considered desirable by the populations of the creator/creators by way of blowback.
neohippie
(1,142 posts)
In this NY Times story
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1&smid=fb-share
Apparently, we created both of these and used Israel to help us deliver it into Iran. Oh what a precedent to set, one who lives in glass houses, shouldn't throw stones.
dkf
(37,305 posts)
IDemo
(16,926 posts)
But my assumption is that this could be decompiled, decoded, whatever, and recombined by a team determined to take advantage of its various useful bits to exact revenge. I'm sure that's at least part of why the creators included some self-destruct code.
dipsydoodle
(42,239 posts)
including finding the suicide function which in the event wasn't used by the authors. They used a delete file instead which worked but was also picked up by computers set up to catch it. The delete file as such wasn't quite as effective as had been intended and probably also helped detect the sender.
Alamuti Lotus
(3,093 posts)
shouldn't there be consequences for this sort of thing? I know there would be if it was somebody else up to similar no good..
wingzeroday
(189 posts)
security expert explains it all