Saturday, December 10, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Apple AirPods Will Miss Holiday Season
Japan Display To Receive ¥50 bil. Support From Government
Google Said to Bring Internet To Cubans
Super Mario Run Won't Play Offline
U.S. Confirms Samsung and LG Dumped Washers
Xiaomi Electric Vehicle Launch on Monday, Yeelight LED Ceiling Light Launched
Hon Hai, Sharp To Build Massive LCD TV Plant In China
U.S. To Review Cyber Attacks Beyond 2016 Election
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Kaspers...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, June 12, 2012
Kaspersky Says Stuxnet and Flame Developers Are Connected


Kaspersky Lab's experts revealed that the teams behind the development of the Flame and Duqu/Stuxnet malwares are connected.

The discovery of the Flame malware in May 2012 revealed the most complex cyber-weapon to date. At the time of its discovery, there was no strong evidence of Flame being developed by the same team that delivered Stuxnet and Duqu. The approach to the development of Flame and Duqu/Stuxnet was different as well, which lead to the conclusion that these projects were created by separate teams. However, an in-depth research, conducted by Kaspersky Lab?s experts, revealed that these teams in fact cooperated at least once during the early stages of development.

Stuxnet was the first cyber-weapon targeting industrial facilities but it has also infected regular PCs worldwide, something that led to its discovery in June 2010. The next example of a cyber-weapon, now known as Duqu, was found in September 2011. Unlike Stuxnet, the main task of the Duqu Trojan was to serve as a backdoor to the infected system and steal private information (cyber-espionage).

The earliest known version of Stuxnet, supposedly created in June 2009, contains a special module known as "Resource 207". In the subsequent 2010 version of Stuxnet this module was completely removed. The "Resource 207" module is an encrypted DLL file and it contains an executable file that's the size of 351,768 bytes with the name "atmpsvcn.ocx". This particular file, as it is now revealed by Kaspersky Lab's investigation, has a lot in common with the code used in Flame. The list of striking resemblances includes the names of mutually exclusive objects, the algorithm used to decrypt strings, and the similar approaches to file naming.

More than that, most sections of code appear to be identical or similar in the respective Stuxnet and Flame modules, which leads to the conclusion that the exchange between Flame and the Duqu/Stuxnet teams was done in a form of source code (i.e. not in binary form). The primary functionality of the Stuxnet "Resource 207" module was distributing the infection from one machine to another, using the removable USB drives and exploiting the vulnerability in Windows kernel to obtain escalation of privileges within the system. The code which is responsible for distribution of malware using USB drives is completely identical to the one used in Flame.

Alexander Gostev, Chief Security Expert, Kaspersky Lab, comments: "Despite the newly discovered facts, we are confident that Flame and Tilded are completely different platforms, used to develop multiple cyber-weapons. They each have different architectures with their own unique tricks that were used to infect systems and execute primary tasks. The projects were indeed separate and independent from each other. However, the new findings that reveal how the teams shared source code of at least one module in the early stages of development prove that the groups cooperated at least once. What we have found is very strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected".


Previous
Next
AMD, ARM, Imagination, MediaTek and Texas Instruments Form HSA Group        All News        Kodak Files Motion For Auction of Digital Imaging Patents
Microsoft Claims Windows 8 Is Enterprise-ready     General Computing News      Kodak Files Motion For Auction of Digital Imaging Patents

Get RSS feed Easy Print E-Mail this Message

Related News
Researchers Say 1 Million Google Accounts Breached by "Gooligan"
Android Devices Vulnerable To Physical RAM Attack
Millions Of Android Devices Infected With Chinese Malware
'GODLESS' Android Mobile Malware Uses Multiple Exploits to Root Devices
Fraunhofer SIT Finds Vulnerabilities in Android Security Apps
ESET Discovers New Self-protecting USB Trojan
Video Malware Attack Spreads Across Websites
Malware Attacks Non-jailbroken Apple iOS Devices
F-Secure Identifies Malware Family Linked To Russian State-backed Cyber-espionage
Android Ransomware Can Change Your Mobile's PIN Code
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .