Kaspersky: Cyberweapons Flame and Stuxnet share code

Flame malware / cyberweapon

When word of the sophisticated Flame cyberweapon first came out a couple weeks ago, Russian security firm Kaspersky indicated that despite some superficial similarities, there was no indication Flame had much of anything in common with Stuxnet, a software weapon that specifically targeted Iran’s uranium-enrichment efforts and then escaped into the wild. Now, Kaspersky says it was wrong: The firm claims to have uncovered shared code that indicate the creators of Flame and Stuxnet at least worked together — and may even be the same people.

Flame has attracted considerable attention in security circles for its sophisticated architecture the enables attackers to install modules tailored to their interest in a particular systems. Various modules appear to perform “normal” malware tasks like scanning through users’ files and logging keystrokes; Flame modules have also been found that appear to take screenshots, turn on audio microphones to record audio, and even poll nearby Bluetooth devices for contacts and other information.

The evidence? Back when Stuxnet was roaming free, Kaspersky’s automated systems picked up on something that looked like a Stuxnet variant. When Kaspersky’s staff initially looked at it, they couldn’t really understand why their systems thought it was Stuxnet, assumed it was an error, and reclassified it under the name “Tocy.a.” When Flame, appeared, however, Kaspersky went back to look for things that might link Flame to Stuxnet — and, lo and behold, there the Tocy.a variant that didn’t make any sense. In light of Flame, Kaspsersky says Tocy.a actually makes more sense: it’s an early version of a plug-in module for Flame that implements what (at the time) was a zero-day privilege escalation exploit in Windows. Tocy.a wandered into Kaspersky’s systems all the way back in October 2010, and contains code that can be traced to 2009.

“We think it’s actually possible to talk about a ‘Flame’ platform, and that this particular module was created based on its source code,” wrote Kaspersky’s Alexander Gostev.

If Kaspersky’s analysis is correct, it would indicate the “Flame platform” was already up and running by the time the original Stuxnet was created and set loose back in early-to-mid 2009. The approximate dating is possible because the proto-Flame code only appears in the first version of the Stuxnet worm: It vanished from two subsequent versions of Stuxnet that appeared in 2010.

Kaspersky infers that the highly-modular Flame platform proceeded on a different development path from Stuxnet, meaning there were at least two development teams involved. But the present of that early version of a Flame module seems to indicate the Stuxnet developers had access to source code for a true zero-day Windows exploit that was (at that point) unknown to the broader security community. That means the two teams were pretty tight, at least at one point.

The New York Times has reported that Stuxnet was created as a cyberweapon by the United States and Israel in an effort to hample Iran’s uranium enrichment activities. Since the discovery of Flame and its subsequent analysis by computer security firms, Flame’s creators have apparently sent a “suicide” command to some Flame-infected systems in an effort to remove traces of the software.

Emerging Tech

Awesome Tech You Can’t Buy Yet: Grow veggies indoors and shower more efficiently

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Computing

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Computing

The HoloLens 2 will be announced at MWC. Here's what we know about it so far

The HoloLens 2 is ripe for an announcement. Here's what Microsoft has revealed so far, what's likely in store for the next generation HoloLens, and everything that we know about this mixed reality headset.
Cars

The Polestar 2, Sweden’s answer to the Tesla Model 3, begins taking shape

Volvo sister company Polestar has released a teaser image to give us our first look at the 2, its second model. Polestar tells us the 2 will arrive as a four-door fastback with a 400-hp electric powertrain and about 300 miles of range.
Computing

These Windows 10 keyboard shortcuts will take your skills to a new level

Windows 10 has many new features, and they come flanked with useful new keyboard shortcuts. Check out some of the new Windows 10 keyboard shortcuts to improve your user experience and save more time!
Computing

What is Wi-Fi 6? Here's a look at the next evolution of the wireless standard

We're exploring the new naming convention for wireless standards, how it affects the devices you buy, and what the upcoming Wi-Fi generation is changing for the better.
Computing

Windows is getting a face-lift in 2020, but you can get a sneak peek right now

Microsoft is increasing the lead time for an upcoming major update to Windows 10, giving Windows Insiders the ability to test it right now, even though it's not set for release until 2020.
Emerging Tech

A.I.-powered website creates freakishly lifelike faces of people who don’t exist

No, this isn't a picture of a missing person. It's a face generated by a new artificial intelligence on the website ThisPersonDoesNotExist.com. Here's how the impressive A.I. works.
Deals

The best Presidents’ Day sales 2019: Amazon, Walmart, Dell, and more

Presidents' Day sales are a great chance to score electronics, clothing, home and office stuff, and other goodies at a discount. We’ve smoked out a large handful of the best of these Presidents' Day deals, from tech to bedding, to help…
Deals

Keep your MacBook safe and dry with an Under Armour backpack for under $50

Under Armour is having a huge sale this weekend to help you on your quest for a better backpack. The UA Outlet Exclusive sale is going on now through Monday, February 18th, offering great discounts on stormproof backpacks.
Deals

Walmart Presidents’ Day sale: Instant Pot, Google Home, and 4K TV deals

Presidents' Day weekend is one of the best times of the year to find deep discounts on 4K TVs, laptops, Instant Pots, clothes, mattresses, and furniture. And Walmart is offering deals on all of those things and more.
Computing

Don't know what to do with all your old DVDs? Here's how to convert them to MP4

Given today's rapid technological advancements, physical discs are quickly becoming a thing of the past. Check out our guide on how to convert a DVD to MP4, so you can ditch discs for digital files.
Computing

Wi-Fi helps connect all of our devices at high-speed, but what exactly is it?

What is Wi-Fi? It's a technology we all use everyday to connect all of our portable devices, but understanding how it works and how far it's come from its humble beginnings is another thing entirely.
Computing

In the age of Alexa and Siri, Cortana’s halo has grown dim

In a sea of voice assistants, Cortana has become almost irrelevant. The nearly five-year-old voice assistant is seeing little love from consumers, and here’s why it is dead.