Flame and Stuxnet/Duqu Malware Linked
Category: Science & Technology
Posted: June 11, 2012 04:02PM
Three examples of cyber-weaponry have recently been discovered in as many years. Stuxnet was first identified in 2010, though it actually existed in 2009, and Duqu was found in September 2011. The purposes of these two pieces of malware were quite different, with Stuxnet destroying equipment and Duqu acting as a backdoor to gather information, but careful examination showed they were part of the same platform. In May of this year the Flame malware was found, and due to its great sophistication, experts were unsure if all three were linked. New research from Kaspersky Lab has found that they are indeed linked.
Although Stuxnet was not discovered until 2010, when it was noticed because it had started infecting normal PCs, a version of it existed in 2009. That version contains a module known as "Resource 207," which is used for spreading the malware via infected USB drives. Within that module is an executable file that, the Kaspersky Lab researchers have found, uses code similar and even identical to parts of Flame. The only way this could happen is if the teams involved in the creation of the two malware platforms had collaborated at least once.
It is worth noting, however, that the Flame platform is quite different from the Tilded platform of Stuxnet and Duqu, so there were definitely two separate teams involved. In light of the recent New York Times report stating that the US government is the source of Stuxnet and Duqu, Flame must also have been made by the US government.