Researchers Find Code Connecting "Stuxnet" and "Flame" Computer Viruses

By Sophie Bushwick | June 12, 2012 12:41 pm

When the piece of malware given the name “Flame” was found last month, initial analysis indicated that it did not share code with Stuxnet and Duqu, two previously discovered programs also directed at Iran and other nations in the Middle East. However, researchers at the Kaspersky Lab have found that a chunk of early Stuxnet code called “resource 207” is also found in Flame, which indicates a connection between the authors of both programs.

An early version of Stuxnet from 2009 included the resource 207 module, which helped spread the virus to new machines via USB drives by exploiting a then-unknown security flaw in the Microsoft Windows operating system. The later incarnation of Stuxnet could accomplish the same task with different sections of code, and resource 207 was discarded. But when Kaspersky Lab researchers began studying an early module of Flame, they found its code bore a strong resemblance to Stuxnet’s resource 207. They believe that Flame was created first (which means it must date back to at least 2009), and its module lent a hand to the early stages of Stuxnet until the younger malware had been developed enough to stand on its own.

This similarity does not indicate that Flame and Stuxnet had the same programmers—while Stuxnet and Duqu share the same computing platform, Flame has a different architecture and uses different methods to infect computers. But although the authors of each program worked independently, they shared information at least once, and they may have cooperated on more than just resource 207, perhaps trading information on other Microsoft vulnerabilities.

The New York Times recently reported that Stuxnet was developed by the U.S. and Israel (in a secret project named “Olympic Games”) to interfere with Iran’s nuclear-enrichment facilities. Thus far, the source of Flame has not been pinned down.

[via Ars Technica]

  • floodmouse

    I just watched a science fiction movie called “Gog” from around 1950. The nuclear reactor was sabotaged by a robot that got its instructions from the mainframe computer, which had been programmed with malware at the factory. What really amused me was how the malware was apparently activated by some kind of wireless technology, based on signals from a plane flying overhead. The idea of having wireless networks and malware is apparently much older than the actual implementation.

  • Iain

    The idea of human flight predated the internal combustion engine by tens of thousands of years. Any other wise observations for us?

  • floodmouse

    @ Iain:

    LOL . . . . Read Jules Verne, who wrote about some amazingly modern stuff back in the 19th century, when most people were getting to work in horse-drawn carriages. I’m continually amazed by how good science fiction is at predicting the future, even if you’re jaded. Anyway, the point I was trying to make is that maybe the Stuxnet people saw the same movie I did.

  • Brian

    I don’t recall who said it, but the one thing SF didn’t predict is computers. The early writers had mechanical devices but they never predicted electric based computing.


Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!


80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.

See More

Collapse bottom bar