
They are a family, as in, all of them were almost certainly created by the same group.

Symantec said that Duqu is "near identical" to Stuxnet. As for Flame, Kaspersky[0] initially said that it contains no resemblance to Stuxnet, and then later on discovered that they've even shared a zero day in their early versions.

From my understanding, I don't necessarily consider them as different software, more as a single software + forks by the same group for different purposes and with different zero days.

Stuxnet just happened to be the one that got to be the most popular one, for a number of reasons (most destructive, attacking the most sensitive targets, the one that got out of control and spread outside of Iran uncontrollably, first to be discovered...), so I refer to Stuxnet as the original one and Flame and Duqu as more of forks than completely different pieces of software.

Which one is more sophisticated between the three would be the same as if we tried figuring out which Linux-based OS is the most sophisticated, except that in this scenario, we only have 3 Linux distros (maybe four with Gauss) and they've all been created by the same group. There's really no point in trying to compare their sophistication.

[0] Before people bash on me for using Kaspersky as a source, Kaspersky, Iranian CERT and a university in Bucharest were the ones that initially discovered Flame, and Kaspersky's the group that published the first detailed analysis on Flame.

Off topic, but your defense for referencing Kaspersky makes me wonder why people would see a problem with it? I'm not familiar with the field and don't know who's who.

Only if you're on "Team USA". Looking on from outside, it seems to me pretty obvious that a Russian security company might provide useful insights on US malware operations that a large US security company would be less inclined or would not immediately report on.

Otherwise it's just your basic mudslinging; both Kaspersky and US security companies are likely to do their governments favours, in particular by selectively not reporting things, both willingly and under pressure. If you're a US citizen working for a US security company and you'd stumble upon a US malware operation that appears to be doing something benign, such as preventing nuclear whatnots, you might be disinclined to report on it for fear of ruining a US malware mission--and even look past the fact that they're using such a risky, dangerous type of software to do it (being a worm/virus, remember that Stuxnet also disrupted and got into places that weren't targets).

Back when Stuxnet was active, I closely followed the story, and the existence of the (airgap-hopping) virus was discovered long before people got any solid ideas about its purpose. When finally the first reports came that the special control software checked for machines running on a frequency that was only used in either some Finnish industrial plant or these Iranian refineries[0], the first reports on this did not come from a US security company.

[0] This part is a bit vague sorry. I wish I had sourced/fact-checked this part of the story better, years ago. There was so much going on.

They're a Russian company and semi-recently Trump banned their software from government agencies.

People theorize they're controlled by the Russian government but I've never come across any evidence that they're anything other than a top tier security company though.

They have done some fairly bold moves in the past though, like cleverly calling out other AV companies that were copying their detections [0] and kind of embarrassing the NSA [1] when an NSA employee took their malware/cyber weapons home to their PC running Kaspersky AV, which detected the malware and sent it back to a Kaspersky server for analysis.


[1] https://www.bleepingcomputer.com/news/security/nsa-employee-...

In Kaspersky's defense, they have started making their source code auditable for certain customers. Kaspersky is well aware of how they are perceived as a company, and they are aware that if anyone ever traces any of their activities back to the KGB, it's game over for them. I can't pretend I trust Kaspersky 100%, but I can see why others might.



"I've received feedback from people who were just focusing on the question why other anti-virus companies would detect a clean file we uploaded. And I can only repeat as I did in the blog: This could have happened to us as well," Kalkuhl explained.

Well, he clearly says the test was to expose the "negative effect of cheap static on-demand tests" and not that others copied from them, because this seems to be routine and they do the same.

> They're a Russian company and semi-recently Trump banned their software from government agencies.

I know it's popular to bash Trump, but it was the DHS that banned the software, not Trump:

In a binding directive, acting homeland security secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government and its software poses a security risk.

Which came after the GSA removed them from the list of approved vendors:

The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists with Kaspersky that could give the Kremlin backdoor access to the systems the company protects.


