Flame virus linked to Stuxnet: researchers (Update 2)

Jun 11, 2012

The Flame computer virus which has been raging in the Middle East has strong links to Stuxnet, a malware program widely believed to have been developed by the United States or Israel, a security firm said Monday.

Kaspersky, the Russian computer security firm credited with discovering Flame last month, said its research shows the two programs share certain portions of code, suggesting some ties between two separate groups of programmers.

Kaspersky researcher Alexander Gostev said in a blog post that a first examination made it appear the two programs were unrelated.

"But it turns out we were wrong," he wrote. "Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame."

Gostev said Flame, even though it was discovered just recently, appears to predate Stuxnet, which was created in 2009.

"By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had modular structure," he said.

"The Stuxnet code of 2009 used a module built on the Flame platform, probably created specifically to operate as part of Stuxnet."

This, he said, points to the existence of "two independent developer teams... (each) developing its own platform since 2007-2008 at the latest."

Kaspersky, one of the world's biggest producers of anti-virus software, said the Flame virus was "about 20 times larger than Stuxnet," the worm which was discovered in June 2010 and used against the Iranian nuclear program.

High concentrations of computers compromised by Flame were also found in Lebanon, the West Bank and Hungary. Additional infections have been reported in Austria, Russia, Hong Kong and the United Arab Emirates.

Compromised computers included many being used from home connections, according to security researchers who were looking into whether reports of infections in some places resulted from workers using laptops while traveling.

Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.

Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.

Some reports say US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran's efforts to make a nuclear bomb.

Johannes Ullrich, a researcher at the Washington-based SANS Technology Institute, said the relationship between the two viruses remains unclear.

"Flame did initially appear very different, and I still think it wasn't written by the same group or individual that wrote Stuxnet," Ullrich told AFP.

"However, this doesn't mean that the two groups didn't coordinate or share code with each other. I do think this may have been the case with Stuxnet and Flame... the code could have been written by two different contractors who worked for the same government and as a result had access to each other's resources."

Explore further: Social Security spent $300M on 'IT boondoggle'

add to favorites email to friend print save as pdf

Related Stories

Kaspersky team reveals Stuxnet family of weapons

Dec 29, 2011

(PhysOrg.com) -- The Stuxnet cyber weapon that was designed to cripple control systems in Iran’s nuclear plant was just one of five weapons engineered in the same lab, and three have not been released yet. That is the ...

Global wave of Flame cyber attacks called staggering

May 28, 2012

(Phys.org) -- Kaspersky Lab has discovered complex malware that has been in operation for at least five years, collecting data from countries including both Israel and Iran. Kaspersky experts think the masterminds ...

Malware hunter Kaspersky warns of cyber war dangers

Jun 06, 2012

The Russian malware hunter whose firm discovered the Flame virus said Wednesday there could be plenty more malicious code out there, and warned he feared a disastrous cyber attack could be coming.

Obama stepped up cyberattacks on Iran: report

Jun 01, 2012

US President Barack Obama accelerated cyberattacks on Iran's nuclear program and expanded the assault even after the Stuxnet virus accidentally escaped in 2010, the New York Times reported Friday.

Iran says Duqu malware under 'control'

Nov 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

Recommended for you

Study shows role of media in sharing life events

45 minutes ago

To share is human. And the means to share personal news—good and bad—have exploded over the last decade, particularly social media and texting. But until now, all research about what is known as "social sharing," or the ...

UK: Former reporter sentenced for phone hacking

7 hours ago

(AP)—A former British tabloid reporter was given a 10-month suspended prison sentence Thursday for his role in the long-running phone hacking scandal that shook Rupert Murdoch's media empire.

Evaluating system security by analyzing spam volume

8 hours ago

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net ...

Surveillance a part of everyday life

9 hours ago

Details of casual conversations and a comprehensive store of 'deleted' information were just some of what Victoria University of Wellington students found during a project to uncover what records companies ...

European Central Bank hit by data theft

9 hours ago

(AP)—The European Central Bank said Thursday that email addresses and other contact information have been stolen from a database that serves its public website, though it stressed that no internal systems or market-sensitive ...

Twitter admits to diversity problem in workforce

12 hours ago

(AP)—Twitter acknowledged Wednesday that it has been hiring too many white and Asian men to fill high-paying technology jobs, just like several other major companies in Silicon Valley.

User comments : 0