[ISN] Stuxnet code hints at possible Israeli origin, researchers say

From: InfoSec News <alerts_at_private>
Date: Fri, 1 Oct 2010 01:52:51 -0500 (CDT)
http://www.computerworld.com/s/article/9188982/Stuxnet_code_hints_at_possible_Israeli_origin_researchers_say

By Gregg Keizer
Computerworld
September 30, 2010

Security researchers today offered another tantalizing clue about the 
possible origins of the notorious Stuxnet worm, but cautioned against 
reading too much from the obscure tea leaves.

In a paper released today and presented at a Vancouver, British Columbia 
security conference, a trio of Symantec researchers noted that Stuxnet 
includes references in its code to the 1979 execution of a prominent 
Jewish Iranian businessman.

Buried in Stuxnet's code is a marker with the digits "19790509" that the 
researchers believe is a "do-not infect" indicator. If the marker equals 
that value, Stuxnet stops in its tracks, and does not infect the 
targeted PC.

The researchers -- Nicolas Falliere, Liam O Murchu and Eric Chen -- 
speculated that the marker represents a date: May 9, 1979.

"While on May 9, 1979, a variety of historical events occurred, 
according to Wikipedia "Habib Elghanian was executed by a firing squad 
in Tehran sending shock waves through the closely knit Iranian Jewish 
community," the researchers wrote.

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Thu Sep 30 2010 - 23:52:51 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 00:01:14 PDT