Flame and Stuxnet Malware Share Source Code
Russian cybersecurity firm Kaspersky Labs has reported that the Flame virus, malware discovered in May that was found to be infecting hundreds of computers in Iran, Israel and the Middle East, shares some of its source code with Stuxnet, malware that reportedly damaged a nuclear facility in Iran and that was built by programmers in Israel and the US. An earlier version of Flame, “Tocy.a,” which was detected in October of 2010, bears numerous similarities to a portable executable file in Stuxnet, “Resource 207.” In both Flame and Stuxnet, this code had a key role: once an infected USB stick was inserted into a computer, the code contained instructions to “autorun” the malware and thereby to install and propagate it.
Talking Points Memo describes the implications of such findings as potentially “enormous,” especially due to the recent report (first appearing in the New York Times) linking Stuxnet to the US and Israel. Stuxnet seems to be the first cyberweapon in an ongoing US cyber-espionage effort that is codenamed “Olympic Games.”
Despite the similarities, Kaspersky and other leading cybersecurity analysts have yet to say if both malware programs were created by the same teams of programmers. What is certain is that, due to the complexity of both Flame and Stuxnet, they were commissioned by nation-states, a point reiterated by Dr. Hamadoun Toure, the head of the United Nations’ telecommunications agency who has told the BBC that he “does not think the US is behind the attack.” He also said that he did not consider Flame an act of cyberwar because “it has been detected in time.”
Prof Alan Woodward, a computer security expert at the University of Surrey, commented to the BBC that, while the existence of the shared code suggests the programmers of both types of malware were “collaborating, albeit only in a minor way,” much else “still indicates that Flame and Stuxnet were written, designed and built by a completely separate group of developers.”
Kevin Haley, director of security response at American cybersecurity firm Symantec, which is also analyzing the code, said in Talking Points Memo that
“I think the lesson governments take away from these pieces of malware is that they work, and that if ‘we’re not doing it, we should be.’ We’d be foolish to believe otherwise.”
Whoever wrote Flame were “world-class cryptographers,” Ars Technica observes, citing Alex Sotirov, a co-founder and chief scientist of New York-based security firm Trail of Bits. Sotirov says that the cryptographic process that Flame needed to take over Microsoft’s Windows Update process was “so computationally demanding, it would have required the equivalent of $200,000 worth of computing time from Amazon’s EC2 Web service for most people to carry it out.”
The US government has still not officially commented on Flame. US Attorney General Eric R. Holder has directed two US Attorneys to investigate the recent disclosures to the media, and he has come under bipartisan attack over the leak investigations.