Thread: Malware hits industrial equipment
View Single Post
Old 05-31-2012, 09:29 AM   #43
Lamplighter
Person who doesn't update the user title
 
Join Date: Jun 2010
Location: Bottom lands of the Missoula floods
Posts: 6,402
NY Times
By NICOLE PERLROTH
Published: May 30, 2012

Researchers Find Clues in Malware
Quote:
SAN FRANCISCO — Security experts have only begun examining the thousands of lines of code that make up Flame, an extensive, data-mining computer virus that has been designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities.
<snip>

Flame, these researchers say, shares several notable features with two other major programs that targeted Iran in recent years. The first virus, Duqu, was a reconnaissance tool that researchers say was used to copy blueprints of Iran’s nuclear program. The second, Stuxnet, was designed to attack industrial control systems and specifically calibrated to spin Iranian centrifuges out of control.

Because Stuxnet and Duqu were written on the same platform and share many of the same fingerprints in their source code, researchers believe both were developed by the same group of programmers. Those developers have never been identified, but researchers have cited intriguing bits of digital evidence that point to a joint American-Israeli effort to undermine Iran’s efforts to build a nuclear bomb.

For example, researchers at Kaspersky Lab tracked the working hours of Duqu’s operators and found they coincided with Jerusalem local time. They also noted that Duqu’s programmers were not active between sundown on Fridays and sundown on Saturdays, a time that coincides with the Sabbath when observant Jews typically refrain from secular work.<snip>

Unlike Duqu and Stuxnet, security researchers say, Flame is remarkable in that it has been able to evade discovery for five years — which was impressive given its size. Most malware is a couple hundred kilobytes in size. Flame is 20 megabytes. “It was hiding in plain sight,” said Mr. Schouwenberg. “It was designed in such a way that it was nearly impossible to track down.”
Researchers noted that Flame spreads through more conservative means. Researchers say that while Stuxnet had the ability to replicate autonomously, Flame can spread from machine to machine only when prompted by the attacker.
Lamplighter is offline   Reply With Quote