A Collaboration? Stuxnet & Flame Share Coding

(Ping! Zine Web Tech Magazine) – Despite initial reporting that there was no link, a new blog by Kaspersky Lab on Monday signaled a tie between the state-launched viruses known as Flame and Stuxnet.

‘Flame’ was revealed by the same security company nearly two weeks ago as malware primarily affecting the Islamic Republic of Iran. At the time, Kaspersky referred to it as “the most sophisticated cyber weapon yet unleashed.”

According to the company, the two viruses share a similar variation of coding in a 520,192 byte plugin file known as resource 207. Although it’s codenamed differently in both viruses (it’s listed as Tocy in ‘Flame’), it’s incredibly similar, presenting a noticeable link between the two.

And while a tie was found, Kaspersky was quick to point to a collaboration between the virus makers, signaling that the malware actually didn’t originate from the exact same source.

“In 2009, part of the code from the Flame platform was used in Stuxnet. We believe that source code was used, rather than complete binary modules,” commented Kaspersky. “Since 2010, the platforms have been developing independently from each other, although there has been interaction at least at the level of exploiting the same vulnerabilities,” concluded the blog post.

Earlier this month, the New York Times reported that Stuxnet was actually developed by the United States and Israel, allies frequently add odds with Iran’s stance on nuclear proliferation. At one point, Stuxnet reportedly brought down the network used to manage the Islamic Republic’s nuclear program.