The creators of the powerful ‘Flame’ computer attack seem to have collaborated with the team behind the ‘Stuxnet’ virus*.
Flame, which was uncovered and announced at the end of May, was targeted at computers in Iran and the Middle East for several years (see: ‘Uncovered spyware may have been at work for years’). Although there were similarities with the Stuxnet virus that infiltrated and allegedly damaged Iran’s nuclear programme in 2010, there was no firm evidence then that the two pieces of malware were linked.
Now, researchers from the Kaspersky Lab, an antivirus company based in Moscow, say that they have identified overlaps in the code of these two attacks that show that their respective development teams probably cooperated around 2010. The overlaps involve code used to spread the virus through USB drives.
Part of the code from early versions of Stuxnet and its relative Duqu seems to be a Flame plug-in, says the Kaspersky Lab. This means that when Stuxnet was created, Flame already existed. Alexander Gostev, head of the Global Research and Analysis Team at the Kaspersky Lab, says in a piece at Secure List that there are probably two independent teams behind the two attacks.
“Each of these teams has been developing its own platform since 2007–2008 at the latest,” he writes. “In 2009, part of the code from the Flame platform was used in Stuxnet. We believe that source code was used, rather than complete binary modules. Since 2010, the platforms have been developing independently from each other, although there has been interaction at least at the level of exploiting the same vulnerabilities.”
The New York Times recently revealed that the US government had authorized the use of Stuxnet against Iran’s nuclear systems. However, part of the worm, developed by the United States and Israel, escaped into the Internet wilds, the newspaper reported.
*In a 2010 Nature feature on this topic, Sharon Weinberger noted that “Technically, Stuxnet was a ‘worm’, a type of malware that can operate on its own without needing another program to infect. But even experts often call it a ‘virus’, which has become the generic term for self-replicating malware.”