http://www.computerworld.com/s/article/9188982/Stuxnet_code_hints_at_possible_Israeli_origin_researchers_say By Gregg Keizer Computerworld September 30, 2010 Security researchers today offered another tantalizing clue about the possible origins of the notorious Stuxnet worm, but cautioned against reading too much from the obscure tea leaves. In a paper released today and presented at a Vancouver, British Columbia security conference, a trio of Symantec researchers noted that Stuxnet includes references in its code to the 1979 execution of a prominent Jewish Iranian businessman. Buried in Stuxnet's code is a marker with the digits "19790509" that the researchers believe is a "do-not infect" indicator. If the marker equals that value, Stuxnet stops in its tracks, and does not infect the targeted PC. The researchers -- Nicolas Falliere, Liam O Murchu and Eric Chen -- speculated that the marker represents a date: May 9, 1979. "While on May 9, 1979, a variety of historical events occurred, according to Wikipedia "Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community," the researchers wrote. [...] _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Thu Sep 30 2010 - 23:52:51 PDT
This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 00:01:14 PDT