Flame creators may have worked with Stuxnet team

Posted by Emma Woollacott

Security experts say that the Stuxnet and Flame viruses share sections of code, indicating that their creators collaborated.

The finding increases suspicion that the US and Israel were responsible for Flame, despite rather unconvincing denials.

"Kaspersky Lab discovered that a module from the early 2009 version of Stuxnet, known as 'Resource 207', was actually a Flame plugin," says Kaspersky, the security company that uncovered the existence of Flame.

"This means that when the Stuxnet worm was created in the beginning of 2009, the Flame platform already existed, and that in 2009, the source code of at least one module of Flame was used in Stuxnet."

The module concerned was used to spread the infection via USB drives in an identical way in both Flame and Stuxnet. It was removed from Stuxnet in 2010, and replaced by several different modules that utilized new vulnerabilities. From this point on, says Kaspersky, the two development teams worked largely independently.

Previously, it had been discovered that Stuxnet and Duqu, a cyber-weapon doscovered in 2011, shared an attack platform known as Tilded. At first sight, Flame appeared different.

"Despite the newly discovered facts, we are confident that Flame and Tilded are completely different platforms, used to develop multiple cyber-weapons. They each have different architectures with their own unique tricks that were used to infect systems and execute primary tasks. The projects were indeed separate and independent from each other," says Kaspersky's chief security expert, Alexander Gostev.

"However, the new findings that reveal how the teams shared source code of at least one module in the early stages of development prove that the groups cooperated at least once. What we have found is very strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected."

Israel has denied any involvement in either Stuxnet or Flame. The US, though, has been rather vague on the matter - just as one might expect, given its previous vociferous criticism of other countries for engaging in cyber-warfare.