By: Kim Zetter, Wired
The sophisticated espionage toolkit known as Flame is directly tied to the Stuxnet superworm that attacked Iran’s centrifuges in 2009 and 2010, according to researchers who recently found that the main module in Flame contains code that is nearly identical to a module that was used in an early version of Stuxnet.
Researchers at Russia-based Kaspersky Lab discovered that a part of the module that allows Flame to spread via USB sticks using the autorun function on a Windows machine contains the same code that was used in a version of Stuxnet that was unleashed on computers in Iran in 2009, reportedly in a joint operation between the United States and Israel. The module, which was known as Resource 207 in Stuxnet, was removed from subsequent versions of Stuxnet, but it served as a platform for what would later develop into the full-fledged Flame malware that is known today.
