Stuxnet And Flame Appear To Be Close Cousins

By Ken Presti
June 11, 2012 8:26 PM ET

Page 1 of 2

The malware commonly known as “Flame” appears to have a common origin with the military-grade Stuxnet worm.

That assessment comes from Kaspersky Labs, which has been comparing the two pieces of malware since Flame gained notoriety after being discovered by the Iranian government two weeks ago as part of an alleged attack on the country’s oil facilities.

According to a blog post from Kaspersky researchers, “a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda.” Kaspersky now considers the module in question to be a Flame plug-in.

This discovery reverses the company’s earlier position, suggesting that Flame and Stuxnet showed no obvious link or common software ancestor, despite the fact that both attacks were concentrated on the Middle East, shared similar modes of transmission via USB storage devices, an exploitation of the Windows auto-run feature, and exploited the use of a print spooler vulnerability.

The Kaspersky report goes on to say that the two pieces of malware appear to have taken separate directions at some point after 2009, potentially caused by each worm being assigned to separate development teams. Flame, however, appears to have been created first, and one of its modules was apparently used in the development of Stuxnet, potentially to exploit a zero-day vulnerability that enabled an escalation of privileges in a manner that was later patched by Microsoft. That module was removed in 2010, subsequent to the issuance of the patch.

A number of news reports point to the U.S. and Israeli governments as the ultimate sources of Flame, Stuxnet, or both. While neither has become an issue to corporate networks at this point, channel partners say it will likely foster a renewed interest in information security.

NEXT: The Channel Expects Opportunity

1 | 2 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows