The developers of two of the most sophisticated pieces of malware ever created – Stuxnet and Flame – cooperated at least once, according to security firm Kaspersky.
Replicated code has been discovered across Stuxnet and Flame, providing “very strong evidence” the teams behind the malware shared source code with one another at early stages of their development, the Russian firm said.
Furthermore, the code for distribution using USB drives was completely identical in both, Kaspersky found.
The Resource 207 module was dropped in later versions of Stuxnet. It was also used to exploit a once-unknown flaw in a Windows application to escalate privileges in the system once a machine was infected via a USB.
Kaspersky said that although the Stuxnet and Flame teams coordinated, they were not using the same development platform. Stuxnet used the Tilded platform, whereas Flame used a separate framework. The findings also indicated Flame could be older than Stuxnet.
“By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had modular structure,” said Kaspersky Lab expert Alexander Gostev, in a blog post.
“After 2009, the evolution of the Flame platform continued independently from Stuxnet.
“The above conclusions point to the existence of two independent developer teams, which can be referred to as ”Team F” (Flame) and ”Team D” (Tilded). Each of these teams has been developing its own platform since 2007-2008 at the latest.
“In 2009, part of the code from the Flame platform was used in Stuxnet. We believe that source code was used, rather than complete binary modules. Since 2010, the platforms have been developing independently from each other, although there has been interaction at least at the level of exploiting the same vulnerabilities.”
Gostev said that he was confident Flame and Tilded are completely different platforms, used to develop “multiple cyber-weapons”.
This month, it emerged that the US was responsible for creating Stuxnet in a partnership with Israel, which could mean both were also behind Flame. One of Flame’s propagation methods involved the replication of Microsoft certificates – something Mikko Hypponen, chief research officer at F-Secure, thinks would anger the Redmond firm.
“If Flame was done in USA, it would mean that Microsoft Update was hacked by a US Goverment Agency. Microsoft must be mad as hell,” Hypponen tweeted.
Are you a security geek? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…