Skip to main content

Kaspersky: Cyberweapons Flame and Stuxnet share code

Flame malware / cyberweapon
Image used with permission by copyright holder

When word of the sophisticated Flame cyberweapon first came out a couple weeks ago, Russian security firm Kaspersky indicated that despite some superficial similarities, there was no indication Flame had much of anything in common with Stuxnet, a software weapon that specifically targeted Iran’s uranium-enrichment efforts and then escaped into the wild. Now, Kaspersky says it was wrong: The firm claims to have uncovered shared code that indicate the creators of Flame and Stuxnet at least worked together — and may even be the same people.

Flame has attracted considerable attention in security circles for its sophisticated architecture the enables attackers to install modules tailored to their interest in a particular systems. Various modules appear to perform “normal” malware tasks like scanning through users’ files and logging keystrokes; Flame modules have also been found that appear to take screenshots, turn on audio microphones to record audio, and even poll nearby Bluetooth devices for contacts and other information.

Recommended Videos

The evidence? Back when Stuxnet was roaming free, Kaspersky’s automated systems picked up on something that looked like a Stuxnet variant. When Kaspersky’s staff initially looked at it, they couldn’t really understand why their systems thought it was Stuxnet, assumed it was an error, and reclassified it under the name “Tocy.a.” When Flame, appeared, however, Kaspersky went back to look for things that might link Flame to Stuxnet — and, lo and behold, there the Tocy.a variant that didn’t make any sense. In light of Flame, Kaspsersky says Tocy.a actually makes more sense: it’s an early version of a plug-in module for Flame that implements what (at the time) was a zero-day privilege escalation exploit in Windows. Tocy.a wandered into Kaspersky’s systems all the way back in October 2010, and contains code that can be traced to 2009.

“We think it’s actually possible to talk about a ‘Flame’ platform, and that this particular module was created based on its source code,” wrote Kaspersky’s Alexander Gostev.

If Kaspersky’s analysis is correct, it would indicate the “Flame platform” was already up and running by the time the original Stuxnet was created and set loose back in early-to-mid 2009. The approximate dating is possible because the proto-Flame code only appears in the first version of the Stuxnet worm: It vanished from two subsequent versions of Stuxnet that appeared in 2010.

Kaspersky infers that the highly-modular Flame platform proceeded on a different development path from Stuxnet, meaning there were at least two development teams involved. But the present of that early version of a Flame module seems to indicate the Stuxnet developers had access to source code for a true zero-day Windows exploit that was (at that point) unknown to the broader security community. That means the two teams were pretty tight, at least at one point.

The New York Times has reported that Stuxnet was created as a cyberweapon by the United States and Israel in an effort to hample Iran’s uranium enrichment activities. Since the discovery of Flame and its subsequent analysis by computer security firms, Flame’s creators have apparently sent a “suicide” command to some Flame-infected systems in an effort to remove traces of the software.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Eyes on the Samsung Galaxy Book5 Pro 360? Get it at up to $500 off
Samsung Galaxy Book5 Pro 360 front view showing tend mode.

For those who are shopping for a powerful laptop but want to look beyond the best laptop brands, why not try the Samsung Galaxy Book5 Pro 360? It's currently available from Samsung with a promotional trade-in credit program that can get you up to $500 off its sticker price of $1,700, so you can potentially pay as low as $1,200 for this device. You're going to have to hurry if you're interested in taking advantage of this offer though, as there's no telling how much time is remaining before it ends.

Why you should buy the Samsung Galaxy Book5 Pro 360 laptop
The Samsung Galaxy Book5 Pro 360 is a 2-in-1 laptop in the convertible category, which means it transforms from laptop mode to tablet mode by flipping its 16-inch AMOLED touchscreen all the way back to below the keyboard, as explained by our laptop buying guide. The device maintains its portability though, as it is incredibly thin and offers excellent battery life. The Samsung Galaxy Book5 Pro 360 is also pretty quick in terms of performance, as it's equipped with the Intel Core Ultra 7 Series 2 processor, Intel Arc Graphics, and 16GB of RAM. It also ships with Windows 11 Home pre-installed in a 1TB SSD, which should provide more than enough storage space for the software and files that you'll need.

Read more
Adobe releases its first commercially safe Firefly video generating AI
Firefly video still shot of an Icelandic horse

Following on the success of its IP-friendly Firefly Image model, Adobe announced on Wednesday the beta release of a new Firefly Video model, as well as two subscription packages with which to access its audio and video generating abilities. Generate Video, according to the announcement post, "empowers creative professionals with tools to generate video clips from a text prompt or image, use camera angles to control shots, create professional quality images from 3D sketches, craft atmospheric elements and develop custom motion design elements."

The model will initially be able to generate video in 1080p resolution to start, though the company plans to release a 4k model for professional production work in the near future. Like the image generator, Firefly Video is trained exclusively on Adobe stock, licensed, and public domain content, making its outputs usable in commercial applications without fear of them running afoul of copyright or intellectual property protections. And, unlike Grok 2, there's minimal chance of it outputting racist, offensive, or illegal content.

Read more
AMD may have a solution for your VRAM hungry games
Gigabyte's RX 9070 XT GPU.

Following a rocky road to AMD's RX 9000 series GPU launch, rumors circulating on the Chiphell forums suggest that AMD is planning to release a Radeon RX 9070 XT graphics card variant equipped with 32GB of GDDR6 memory. If true, this would make it one of the most VRAM-heavy GPUs in AMD’s next-generation lineup, catering to both gamers and AI enthusiasts who require large memory capacities. Reports indicate that this variant could launch by the second quarter of 2025, although AMD has yet to confirm any official details.

The standard RX 9070 XT is expected to feature 16GB of GDDR6 memory, which aligns with previous AMD GPUs in the high-end gaming segment. As pointed out by Techpowerup, to reach the rumored 32GB capacity, AMD would need to use 16 memory modules, each with a 2GB capacity, since there are no GDDR6 memory modules offering higher capacity.

Read more