Security researchers from antivirus vendor Kaspersky Labs have found evidence that the development teams behind the Flame and Stuxnet cyberespionage threats collaborated with each other.

The Kaspersky researchers determined that Flame, which is believed to have been created in 2008, and a 2009 version of Stuxnet shared one component that served the same purpose and had similar source code.

Back in October 2010, Kaspersky's researchers analyzed a sample that had been automatically classified as a Stuxnet variant by the company's automated systems. At the time, the researchers dismissed the detection as an error because the sample's code looked nothing like the code in Stuxnet.

However, after Flame was discovered at the end of May, the Kaspersky researchers searched their database for malware samples that might be related to the new threat and found that the sample detected as Stuxnet in 2010 was actually a Flame module.

The module uses an autorun.inf trick to infect computers via USB drives and exploits a now-patched elevation of privilege (EoP) vulnerability to execute malicious code with full system privileges.

Upon further research, the Kaspersky analysts determined that Stuxnet.A, which was created in early 2009, uses the same autorun.inf trick and vulnerability to spread via USB drives. In fact, the source code responsible for this is almost identical to the one in the Flame module.

"It looks like the Flame platform was used to kick start the Stuxnet platform," said Roel Schouwenberg, a senior researcher with Kaspersky Lab's global research and analysis team, during a conference call with the press.

The Kaspersky researchers already knew that Stuxnet and Flame leveraged the same EoP vulnerability, but this wasn't conclusive proof that their developers collaborated. The exploit could have been created by a third party that sold it to both teams, Schouwenberg said.

However, the new discovery suggests that the developers of the two malware threats actually shared source code, which is intellectual property and wouldn't normally be shared between unrelated teams. "We are now 100-percent sure that the Flame and Stuxnet groups worked together," Schouwenberg said.

When Microsoft patched the EoP vulnerability in 2009 -- a few months after the creation of Stuxnet.A -- the Stuxnet developers stopped using the Flame module for propagation and began exploiting a new vulnerability, which relied on malformed LNK (shortcut) files.

The theory put forward by the Kaspersky researchers is that Flame and Stuxnet were created by two separate teams as part of two operations funded by the same nation state. Flame was probably used for espionage and Stuxnet used for sabotage, Schouwenberg said.

According to a recent New York Times report that quotes anonymous sources from the Obama administration, Stuxnet was created by the U.S. and Israeli governments as part of a secret operation called Olympic Games with the goal of crippling Iran's ability to produce weapon-grade nuclear fuel.