Some Flame code found in Stuxnet virus: experts
June 13, 2012, 12:09 am TWN
By Jim Finkle and Joseph Menn--Two leading computer security firms have linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon, which was widely believed to have been used by the United States and Israel to attack Iran's nuclear program.
Eugene Kaspersky, chief executive of Moscow-based Kaspersky Lab, which uncovered Flame last month, said at the Reuters Global Media and Technology Summit on Monday his researchers have since found that part of the Flame program code is nearly identical to code found in a 2009 version of Stuxnet.
Later in the day, the largest security firm, Symantec Corp, said it had confirmed that some source code had been shared.
The new research could bolster the belief of many security experts that Stuxnet was part of a U.S.-led cyber program still active in the Middle East and perhaps other parts of the world.
Flame is the most complex computer spying program ever discovered and appeared to be aimed at government and energy-industry offices in Iran, Israel, the Palestinian territories and Sudan. It has the capacity to steal or alter electronic documents. Flame has 20 times as much code as Stuxnet and hijacked Microsoft's process for automatic updates in order to install itself.
Although neither Kaspersky nor Symantec said who they thought built Flame, news organizations, including Reuters and The New York Times, have reported the U.S. and Israel were behind Stuxnet — which was uncovered in 2010 after it damaged centrifuges used to enrich uranium at a facility in Natanz, Iran.
Instead of issuing denials, authorities in Washington recently launched investigations into leaks about the highly classified project. The White House declined to comment.
On Stuxnet and Flame, "there were two different teams working in collaboration," Kaspersky told the Reuters Summit in London.
Flame is a highly sophisticated computer virus that disguises itself as common business software. It was deployed at least five years ago and can eavesdrop on conversations on the computers it infects and steal data.
Security experts have suspected links among Flame, Stuxnet and Duqu — another piece of malicious software that was discovered last year — but Kaspersky Lab was the first to say it found hard evidence.