Discovery of new "zero-day" exploit links developers of Stuxnet, Flame


News
06-11-12, 06:10 PM
http://cdn.arstechnica.net/wp-content/uploads/2012/06/stuxnet-2009-resources.png A map of resources found in an early variant of Stuxnet. Resource 207 contains the guts of what is now Flame.
Kaspersky Lab (https://www.securelist.com/en/images/pictures/klblog/208193580.png)


Flame



Microsoft contains Flame with Windows Update revamp (http://arstechnica.com/security/2012/06/revamped-windows-update-contains-flame/)
Flame espionage malware issues self-destruct command (http://arstechnica.com/security/2012/06/flame-espionage-malware-issues-self-destruct-command/)
Crypto breakthrough shows Flame was designed by world-class scientists (http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/)
Flame's "god mode cheat code" wielded to hijack Windows 7, Server 2008 (Updated) (http://arstechnica.com/security/2012/06/flames-god-mode-cheat-code-wielded-to-hijack-windows-7-server-2008/)
Flame malware wielded rare "collision" crypto attack against Microsoft (http://arstechnica.com/security/2012/06/flame-wields-rare-collision-crypto-attack/)

Security researchers say they've found a conclusive link between the Flame espionage malware and Stuxnet, the powerful cyberweapon that US and Israeli officials recently confirmed (http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/) they designed to sabotage Iran's nuclear program.

An early version of Stuxnet dating back to 2009 contained executable code that targeted what was then an unknown security flaw in Microsoft Windows, a discovery that brings the number of zero-day vulnerabilities exploited by the malware to at least five, researchers from Kaspersky Lab said Monday morning. Even more significantly, they discovered that a 6MB chunk of code found in the Stuxnet.A (1.0) variant contained the guts of today's Flame. In addition to unearthing previously overlooked data about how Stuxnet hijacked targeted networks, the discovery is important because it establishes the first positive connection between the developers of Stuxnet and those behind Flame, which came to light two weeks ago (http://arstechnica.com/security/2012/05/spy-malware-infecting-iranian-networks-is-engineering-marvel-to-behold/) as a highly sophisticated espionage platform that targeted computers in Iran and other Middle Eastern countries.

"The fact that the Flame group shared their source code, their intellectual property, with the Stuxnet group proves that there is an actual link," Roel Schouwenberg, a senior researcher at Kaspersky Lab, said during an online press conference. "They actually cooperated at least once. That's, I think, huge news. It confirms our beliefs we've had all along, that the Flame operation and the Stuxnet operation were two parallel projects fashioned by the same entities."

Read more (http://arstechnica.com/security/2012/06/zero-day-exploit-links-stuxnet-flame/) | Comments (http://arstechnica.com/security/2012/06/zero-day-exploit-links-stuxnet-flame/?comments=1#comments-bar)


