Discovery of new “zero-day” exploit links developers of Stuxnet, Flame

Quite interesting news:

An early version of Stuxnet dating back to 2009 contained executable code that targeted what was then an unknown security flaw in Microsoft Windows, a discovery that brings the number of zero-day vulnerabilities exploited by the malware to at least five, researchers from Kaspersky Lab said Monday morning. Even more significantly, they discovered that a 6MB chunk of code found in the Stuxnet.A (1.0) variant contained the guts of today’s Flame. In addition to unearthing previously overlooked data about how Stuxnet hijacked targeted networks, the discovery is important because it establishes the first positive connection between the developers of Stuxnet and those behind Flame, which came to light two weeks ago as a highly sophisticated espionage platform that targeted computers in Iran and other Middle Eastern countries.

The techie in me is boggled at the resources they poured into discovering zero-day exploits, applications to exploit them, and the entire malware package wrapped around it.

The citizen in me is just amazed that the U.S. government is comfortable committing so much sabotage, espionage, and military action against nations with which we are not at war.  It’s just another reminder that you cannot trust your government.

via Discovery of new “zero-day” exploit links developers of Stuxnet, Flame | Ars Technica.

Be Sociable, Share!

Leave a Reply