When the piece of malware given the name “Flame” was found last month, initial analysis indicated that it did not share code with Stuxnet and Duqu, two previously discovered programs also directed at Iran and other nations in the Middle East. However, researchers at the Kaspersky Lab have found that a chunk of early Stuxnet code called “resource 207” is also found in Flame, which indicates a connection between the authors of both programs.
An early version of Stuxnet from 2009 included the resource 207 module, which helped spread the virus to new machines via USB drives by exploiting a then-unknown security flaw in the Microsoft Windows operating system. The later incarnation of Stuxnet could accomplish the same task with different sections of code, and resource 207 was discarded. But when Kaspersky Lab researchers began studying an early module of Flame, they found its code bore a strong resemblance to Stuxnet’s resource 207. They believe that Flame was created first (which means it must date back to at least 2009), and its module lent a hand to the early stages of Stuxnet until the younger malware had been developed enough to stand on its own.
On October 14, security company Symantec got word from a research lab that they’d discovered a piece of malware that looked a lot like Stuxnet, the sophisticated computer virus that made headlines last year after its anonymous designers used it to attack Iran’s nuclear program. This new malware, called Duqu by the researchers who discovered it, shares much of Stuxnet’s code, suggesting that it came from the same people who built the first virus, or at least people who had access to the source code. Read More