In what may be the latest fallout from the cold cyberwar taking place between the US and Russia, the head of the investigation unit, and one of the most important cybercrime experts at Kaspersky Lab, Russia’s biggest cybersecurity firm, has been arrested on charges of treason. Stoyanov was involved in every big anti-cybercrime operation in Russia in past years, including the one against the components of the Lurk cybercrime gang.
– Flame Steals Data Even When Computers Are Not Connected to the Internet (Occupy Corporatism, June 13, 2012):
Experts specializing in malware from Bitdefender have uncovered a special capability in Flame’s code that allows the virus to steal data from computers that are not connected to the internet or networked machines.
Flame can move stolen data to a USB memory stick plugged into an infected hard drive. Bitdefender assert that this ability has never been witnessed before. This cyberespionage virus will move stolen information to a USB outlet, then seemingly wait for the chance to upload it to the malware controllers once the infected computer links to the internet.
– Diving Into Flame, Researchers Find A Link To Stuxnet (threatpost, June 11, 2012):
Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin.
Researchers from Kaspersky Lab say that a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarussian firm VirusBlokAda. The claims are the most direct, to date, that link the Flame malware, which attacked Iranian oil facilities, with Stuxnet, which is believed to have targeted Iran’s uranium-enrichment facility at Natanz. If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country.
According to the Kaspersky researchers, early versions of Stuxnet were, in fact, created out of components that were part of what they refer to as the “Flame platform”. But they believe development of the two malicious programs diverged after 2009, suggesting that two different development teams may have been working independently for a single entity to create malware with specific objectives, according to Kaspersky researchers, writing on the company’s blog, Securelist.