Back to Stuxnet: the missing link

From Botnets.fr


Publication record

Title: Back to Stuxnet: the missing link
Botnet: Stuxnet, Flame
Malware: Tocy.a
Date: June 11, 2012
Editor/Conference: Kaspersky Lab
Link: http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link
Author: Aleks

Abstract

Two weeks ago, when we announced the discovery of the Flame malware, we said that we saw no strong similarity between its code and programming style and those of the Tilded platform, which Stuxnet and Duqu are based on.

Flame and Tilded are completely different projects based on different architectures and each with their own distinct characteristics. For instance, Flame never uses system drivers, while Stuxnet and Duqu’s main method of loading modules for execution is via a kernel driver. But it turns out we were wrong. Wrong, in that we believed Flame and Stuxnet were two unrelated projects. Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.

Bibtex

 @misc{2012BFR1033,
   editor = {Kaspersky lab},
   author = {Aleks},
   title = {Back to Stuxnet: the missing link},
   day = {11},
   month = jun,
   year = {2012},
   howpublished = {\url{http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link}},
 }