
Flame and Stuxnet Malware Share Source Code

Russian cybersecurity firm Kaspersky Labs has reported that the Flame virus, malware discovered in May that was found to be infecting hundreds of computers in Iran, Israel and the Middle East, shares some of the source code with Stuxnet, malware that reportedly damaged a nuclear facility in Iran and that was built by programmers in Israel and the US. An earlier version of Flame, “Toc.ya,” which was detected in October of 2010, bears numerous similarities to a portable executable file in Stuxnet, “Resource 207.” For both Flame and Stuxnet, the code had a key role: Once an infected USB stick was inserted into a computer, the code contained instructions to “autorun” the malware and thereby to install and propagate it.

Talking Points Memo describes the implications of such findings as potentially “enormous,” especially due to the recent report (first appearing in the New York Times) linking Stuxnet to the US and Israel. Stuxnet seems to be the first cyberweapon in an ongoing US cyber-espionage effort that is codenamed “Olympic Games.”

Despite the similarities, Kaspersky and other leading cybersecurity analysts have yet to say if both malware programs were created by the same teams of programmers. What is certain is that, due to the complexity of both Flame and Stuxnet, they were commissioned by nation-states, a point reiterated by Dr. Hamadoun Toure, the head of the United Nations’ telecommunications agency, who has told the BBC that he “does not think the US is behind the attack.” He also said that he did not consider Flame an act of cyberwar because “it has been detected in time.”

Prof Alan Woodward, a computer security expert at the University of Surrey, commented to the BBC that, while the existence of the shared code suggests the programmers of both types of malware were “collaborating, albeit only in a minor way,” much else “still indicates that Flame and Stuxnet were written, designed and built by a completely separate group of developers.”

Kevin Haley, director of security response at American cybersecurity firm Symantec, which is also analyzing the code, said in Talking Points Memo that

“I think the lesson governments take away from these pieces of malware is that they work, and that if ‘we’re not doing it, we should be.’ We’d be foolish to believe otherwise.”

Whoever wrote Flame were “world-class cryptographers,” Ars Technica observes, citing Alex Sotirov, a co-founder and chief scientist of New York-based security firm Trail of Bits. Sotirov says that the cryptographic process that Flame needed to take over Microsoft’s Windows Update process was “so computationally demanding, it would have required the equivalent of $200,000 worth of computing time from Amazon’s EC2 Web service for most people to carry it out.”

The US government has still not officially commented on Flame. US Attorney General Eric R. Holder has directed two US Attorneys to investigate the recent disclosures to the media and has come under bipartisan attacks about leak investigations.


Photo by sk8geek


15 comments

11:35PM PDT on Aug 1, 2012

Sounds like sci-fi, but is all too real. There should definitely be more exposure of this story!

2:24AM PDT on Jun 14, 2012

Punish the people carrying out this act of war.

12:39AM PDT on Jun 14, 2012

Our government has said if we suffer a computer attack we are justified to respond with any means necessary -- in other words we consider it an act of war -- and yet we are willing to use computer viruses on others. And we expect no repercussions -- this kind of action should be exposed and decried.

What we should NOT have done, is given the Shah the help that started Iran's nuclear exploration.

6:27PM PDT on Jun 13, 2012

i'm just going to reformat my hd, i usually do that every 6mo to a year anyhoo, just for gp and my puter is over due.

6:25PM PDT on Jun 13, 2012

http://www.kgw.com/news/business/Many-may-lose-Internet-in-July-when-FBI-shuts-down-virus-screen-148307275.html

{{{

Posted on April 20, 2012 at 1:05 PM

Updated Friday, Apr 20 at 4:12 PM

WASHINGTON -- For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections after early July.

The problem started when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual move, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system will be shut down this summer.

The FBI is encouraging users to visit a website run by a security partner that will inform them whether they're infected -- and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

To check and clean computers, try: www.dcwg.org

When you access the site, click on "Detect" in the upper left corner, or on the Green Button next to it.

You will be directed to a new page. Pick your language from the list and click on the link next to it.

If your computer is not infected, you will see a green logo with the message: "DNS Resolution(equals)Green. Your computer appears to be looking up IP addresses correctly!"

If you see that message, you don't need to do anything more.

If you see a message with a red logo saying your computer appears to be inf

6:20PM PDT on Jun 13, 2012

I heard about this a month ago;

FBI Warns Common Virus Will Shut Down Infected Computers This July

via PSFK: http://www.psfk.com/2012/04/fbi-warns-of-common-virus-headlines.html#ixzz1xj5nB0mB

http://www.psfk.com/2012/04/fbi-warns-of-common-virus-headlines.html

If your computer is affected with DNSChanger malware, the FBI warns that your computer will lose its Internet connection on July 9th if you don’t take proper steps to remove the virus

3:23PM PDT on Jun 13, 2012

The title is misleading. How could anyone tell if they shared "source code"? Since the source code is only available to the person(s) who wrote and compiled the source code into executable code. How much executable code they share is another matter entirely... is it a few bytes or several thousand consecutive bytes?

As Carina K. mentioned, if the programmer used any publicly available snippets of code, or even incorporated a standard library of functions (such as a Windows DLL), then they will share code, but that does not mean they were written by the same people.

Sarah H. You misunderstood things... the names of viruses are either given to them or visible in the code itself. By "code", it means the digital files that comprise the software/virus... it's not the same meaning as a "secret code".

11:53AM PDT on Jun 13, 2012

If there is an investigation, do not expect it to go anywhere, kind of like the 911 investigation.

That would be like asking the wolf to guard the hen house. The U.S. was/is behind Stuxnet and most probably Flame, it originated with the Americans, with help of those bastard jews in Occupied Palestine, along with Siemens Corp, with implanted the virus.

They were attempting to cause the Iranians to lose control over their centrifuges, over 1000 of them. Which are used to separate bulk material from enriched.

When Stuxnet "broke out," I was locked out of my Yahoo account for nearly 3 weeks, they went as far as to insinuate that I had played a role.

In the end, I was to discover that an Iranian scientist with whom I had exchanged e-mails had been working at one of the Iranian sites. Actually, our conversations were about promoting sanitation and clean water throughout the developing world.

His laptop became infected; that was the reason that I was given. The e-mails he sent to me got loaded onto Yahoo's systems; the rest, as they say, is "History."

I, for one, never realized any problems with my computers; his laptop was loaded with a Windows operating system, my computers (3) are all MacBooks.

Moral of the story: you want to stay clean, stay away from the Windows to Hell...Go Mac.

11:48AM PDT on Jun 13, 2012

Are these people above the law?

7:02AM PDT on Jun 13, 2012

Interesting article,thank you...

meet our writers

Kristina Chew Kristina Chew teaches and writes about ancient Greek and Latin and is Online Advocacy and Marketing... more