Programmers of 'Cyber War' Viruses Flame and Stuxnet Allegedly the Same


A very dangerous virus called Flame was found in May 2012. Flame also turned out to be no ordinary computer virus: it is a cyber weapon for attacking a country.
The code responsible for spreading the Stuxnet malware via USB drives is really the same as the code used in Flame, and it was found in Stuxnet too, said Alexander Gostev, Chief Security Expert, Kaspersky Lab.


Before Flame, the computer viruses Stuxnet and Duqu were also used as cyber-war viruses.

At the time, no strong evidence was found that Flame was developed by the same team that made Stuxnet and Duqu.

The approach taken to develop Flame was not the same as the one used for Stuxnet / Duqu, which led to the conclusion that the project was made by a different team.

However, extensive research conducted by Kaspersky Lab experts showed that these teams (Flame and Stuxnet / Duqu) worked together on at least one occasion, during the initial development of Flame.

The Flame malware, found in May 2012 through an investigation initiated by the International Telecommunication Union (ITU) and conducted by Kaspersky Lab, looked very different at first glance.

Some features, such as the size of the program, the use of the Lua programming language and its variety of functionality, all indicated that Flame was not associated with the creators of Duqu or Stuxnet.

However, the new facts that have emerged change the history of Stuxnet and clearly prove that the "Tilded" platform is indeed related to the Flame platform.

The new findings

The earliest known version of Stuxnet, created around June 2009, contains a special module called "Resource 207". In the 2010 version of Stuxnet this module was removed. The "Resource 207" module is an encrypted DLL file that contains an executable file of 351.768 bits named "atmpsvcn.ocx".

This file, as the Kaspersky Lab investigation revealed, has much in common with the code used in Flame. Obvious similarities include the names of mutually exclusive objects (mutexes), the algorithm used to decrypt strings, and a similar approach to naming files.

In addition, most of the code in the Stuxnet module and in Flame appears to be the same, which leads to the conclusion that the exchange between the Flame team and the Stuxnet / Duqu team was done in the form of source code (not in binary).

The main function of the Stuxnet "Resource 207" module is to spread the infection from one machine to another using USB drives, exploiting vulnerabilities in the Windows kernel to gain elevated privileges on the system.

