UPDATE: In our post earlier today, we concluded that there was some sort of relationship between the Gauss and Flame malware actors based on observing CnC communication going to the Flame CnC IP address. At the same time, the CnC domains of Gauss were sink-holed to the same CnC IP. Nothing in the communication originating from the CnC server indicated that it may have been owned by another member of the security research community. In light of new information shared by the security community, we now know that our original conclusions were incorrect and we cannot associate these two malware families based solely upon these common CnC coordinates.
We apologize for any confusion that has resulted from our earlier assumptions. Unfortunately, the lack of a common information exchange about such activities can result in misleading conclusions.
Like the team at Kaspersky and the many others who actively participate in security research, the FireEye Lab is committed to improving the understanding of the most prevalent and dangerous cyber threats today. As we all know, it is not an easy job. We appreciate the feedback we receive from the security community, and our experience today is just one lesson on the need for even greater intelligence sharing and collaboration among the many talented groups and individuals in our field.





