AOH :: ISNQ7008.HTM

Stuxnet code hints at possible Israeli origin, researchers say




Stuxnet code hints at possible Israeli origin, researchers say
Stuxnet code hints at possible Israeli origin, researchers say



http://www.computerworld.com/s/article/9188982/Stuxnet_code_hints_at_possible_Israeli_origin_researchers_say 

By Gregg Keizer
Computerworld
September 30, 2010

Security researchers today offered another tantalizing clue about the 
possible origins of the notorious Stuxnet worm, but cautioned against 
reading too much from the obscure tea leaves.

In a paper released today and presented at a Vancouver, British Columbia 
security conference, a trio of Symantec researchers noted that Stuxnet 
includes references in its code to the 1979 execution of a prominent 
Jewish Iranian businessman.

Buried in Stuxnet's code is a marker with the digits "19790509" that the 
researchers believe is a "do-not infect" indicator. If the marker equals 
that value, Stuxnet stops in its tracks, and does not infect the 
targeted PC.

The researchers -- Nicolas Falliere, Liam O Murchu and Eric Chen -- 
speculated that the marker represents a date: May 9, 1979.

"While on May 9, 1979, a variety of historical events occurred, 
according to Wikipedia "Habib Elghanian was executed by a firing squad 
in Tehran sending shock waves through the closely knit Iranian Jewish 
community," the researchers wrote.

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org 
http://www.infosecnews.org/mailman/listinfo/isn 

Site design & layout copyright © 1986-2014 CodeGods