Monday, 11 June 2012 11:45

Flame and Stuxnet Devs Appear to Have Shared Source Code At Least Once


It would appear that the developers of Stuxnet/Duqu and Flame shared at least some source code during development. At least that is what security research firm Kaspersky seems to think. Kaspersky was the company that found Flame, the massive bit of malware that was using a compromised Microsoft Terminal Server licensing model to sign certificates for its code. Flame appears to have been a very coordinated espionage attack on Iran and has been in the news thanks to its complexity and functionality.

Now Alexander Gostev, Chief Security Expert at Kaspersky, seems to feel, based on a module found in Flame, that there were two development teams that shared resources at least once. What they found was a resource (Resource 207) in Stuxnet that appears to operate in the same ways that Flame does, including file naming, the decryption algorithm and more. It is some pretty solid evidence that the teams might have cooperated at least once during the development of the two “cyber weapons”.

Now Stuxnet has been pinned on the US (and in particular the Bush and Obama administrations), but so far no one has openly claimed responsibility for any of these attacks. This is not that big of a deal though, as we would not expect them to anyway. Still, there is little doubt that this was not the work of organized crime, but of a “nation-state”. However, finding out who is actually behind this might be a little difficult, since the people pulling the strings on Flame have already sent the kill command. This command (as has been previously reported) removes almost all traces of the malware from the systems it is on.

This is one more thing to worry about as we finally get past a week that saw not one, but four password databases breached… Really we wonder what is next.

 

Last modified on Monday, 11 June 2012 13:03
