Researchers Find Clues in Malware
Source: NYT
Security experts have only begun examining the thousands of lines of code that make up Flame, an extensive, data-mining computer virus that has been designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities.
Researchers at Kaspersky Lab, which first reported the virus Monday, believe Flame was written by a different group of programmers from those who had created other malware directed at computers in the Middle East, particularly those in Iran. But Flame appears to be part of the state-sponsored campaign that spied on and eventually set back Iran's nuclear program in 2010, when a digital attack destroyed roughly a fifth of Iran's nuclear centrifuges.
"We believe Flame was written by a different team of programmers but commissioned by the same larger entity," Roel Schouwenberg, a security researcher at Kaspersky Labs, said in an interview Wednesday. But he would not say which governments he was speaking of.
Flame, these researchers say, shares several notable features with two other major programs that targeted Iran in recent years. The first virus, Duqu, was a reconnaissance tool that researchers say was used to copy blueprints of Iran's nuclear program. The second, Stuxnet, was designed to attack industrial control systems and specifically calibrated to spin Iranian centrifuges out of control.
Read more: http://www.nytimes.com/2012/05/31/technology/researchers-link-flame-virus-to-stuxnet-and-duqu.html
progressoid (49,992 posts)
drm604 (16,230 posts)
it contained numerous references to American movie characters. That seems kind of stupid. If I was involved in something like this, I'd use some sort of random character string generator to generate the names of variables, etc. in order to avoid cultural imprints. This almost makes me wonder if someone wasn't trying to make it look like Americans were involved.
That said, it's not hard to believe that the US could have been involved.
Ian David (69,059 posts)
DCKit (18,541 posts)
Ian David (69,059 posts)
drm604 (16,230 posts)
the article states that researchers have determined that the programmers were not active between sundown on Fridays and sundown on Saturdays.