Monday, June 11, 2012
Back to Stuxnet: the missing link
Two weeks ago, when we announced the discovery of the Flame malware we said that we saw no strong similarity between its code and programming style with that of the Tilded platform which Stuxnet and Duqu are based on.
Flame and Tilded are completely different projects based on different architectures and each with their own distinct characteristics. For instance, Flame never uses system drivers, while Stuxnet and Duqu’s main method of loading modules for execution is via a kernel driver.
But it turns out we were wrong. Wrong, in that we believed Flame and Stuxnet were two unrelated projects.
Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.