Difference between revisions of "Back to Stuxnet: the missing link"

(Publication) Google search: [1]

Back to Stuxnet: the missing link
Botnet	Stuxnet, Flame
Malware	Tocy.a
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date	2012 / June 11, 2012
Editor/Conference	Kaspersky lab
Link	http://www.securelist.com/en/blog/208193568/Back to Stuxnet the missing link (Archive copy)
Author	Aleks
Type

Abstract

“ Two weeks ago, when we announced the discovery of the Flame malware we said that we saw no strong similarity between its code and programming style with that of the Tilded platform which Stuxnet and Duqu are based on.

Flame and Tilded are completely different projects based on different architectures and each with their own distinct characteristics. For instance, Flame never uses system drivers, while Stuxnet and Duqu’s main method of loading modules for execution is via a kernel driver. But it turns out we were wrong. Wrong, in that we believed Flame and Stuxnet were two unrelated projects. Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1033,
   editor = {Kaspersky lab},
   author = {Aleks},
   title = {Back to Stuxnet: the missing link},
   date = {11},
   month = Jun,
   year = {2012},
   howpublished = {\url{http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link}},
 }