Huffpost UK Tech uk

Flame Cyber Superweapon Creators Worked With Stuxnet Team, Kaspersky Lab Finds

Researchers have shown for the first time that the cyber 'super weapon' known as Flame was connected to the Stuxnet virus which targeted Iranian nuclear computers.

Flame was described as the largest and most malicious online attack ever discovered when it was unveiled around two weeks ago.

Researchers say it had the ability to control computers remotely, download virtually any information it needed, compromise nearby devices with Bluetooth, map nearby locations and record and send back audio.

Speculation has been mounting over who is responsible for Flame, after researchers said only a nation state would have the resources necessary to create it.

The discovery of the link with the older Stuxnet worm could lead to fresh questions for the United States, which was recently accused by the New York Times of having been behind that attack.

According to the Times' piece, the Stuxnet worm was created by the CIA under President Bush, and accelerated by President Obama.

Stuxnet was a virulent and highly targeted cyber attack which shut down more than 1,000 Iranian centrifuges used to enrich uranium.

It had initially been thought that there was no obvious connection between Flame and Stuxnet, but now Kaspersky Lab Research, who helped uncover Flame, says analysis of the code shows that the Flame and Stuxnet teams cooperated at least once during the early stages of development.

"Kaspersky Lab discovered that a module from the early 2009-version of Stuxnet, known as Resource 207, was actually a Flame plugin," the company said.

The findings mean that when Stuxnet was created in 2009 the Flame platform already existed - and part of its source code was used in Stuxnet.

This module spread its infection via USB drives, and the relevant code is identical in both viruses.

"Subsequently, the Flame plugin module was removed from Stuxnet in 2010 and replaced by several different modules that utilised new vulnerabilities," the company said.

"Starting from 2010, the two development teams worked independently, with the only suspected cooperation taking place in terms of exchanging the know-how about the new “zero-day” vulnerabilities."

Last week the UN said it was likely a government was behind the attack.

Separately the Symantec Security Response lab said that Flame had the ability to 'commit suicide' and shut itself down when detected.

The security company said: "Late last week, some Flamer command-and-control (C&C) servers sent an updated command to several compromised computers.

"This command was designed to completely remove Flamer from the compromised computer."