Back to Stuxnet: the missing link

From Botnets.fr


Publication record

Botnet: Stuxnet, Flame
Malware: Tocy.a
Date: June 11, 2012
Editor/Conference: Kaspersky lab
Link: http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link
Author: Aleks

Abstract

Two weeks ago, when we announced the discovery of the Flame malware we said that we saw no strong similarity between its code and programming style with that of the Tilded platform which Stuxnet and Duqu are based on.

Flame and Tilded are completely different projects based on different architectures and each with their own distinct characteristics. For instance, Flame never uses system drivers, while Stuxnet and Duqu’s main method of loading modules for execution is via a kernel driver. But it turns out we were wrong. Wrong, in that we believed Flame and Stuxnet were two unrelated projects. Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.

Bibtex

 @misc{Aleks2012BFR1033,
   editor = {Kaspersky lab},
   author = {Aleks},
   title = {Back to Stuxnet: the missing link},
   day = {11},
   month = jun,
   year = {2012},
   howpublished = {\url{http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link}},
 }