Stuxnet Intrigue Deepens With Hidden Clues in Code

10/03/2010 07:57

From AOL News

The intrigue surrounding the mysterious, highly sophisticated computer worm Stuxnet got a little more Dan Brownish today with the revelation that there may be hidden messages embedded in the malware's code. The New York Times reported this morning that one of the files in the worm was called "Myrtus," which may be a reference to the Old Testament Book of Esther, in which Jews thwart a Persian plot against them. Along with mysterious Myrtus were two numbers that might be additional clues to who is behind the worm. Or, as the Times points out, they could mean nothing.

Below is a rundown of the hidden Stuxnet messages.

1. Myrtus
Ralph Langner, a German computer security expert, first deduced that "Myrtus" could be an allusion to Esther, who was born "Hadassah," the Hebrew word for "myrtle." But, the Times also points out that one of Stuxnet's code modules is named "Guava" and that guavas are from the Myrtus family.

2. 19790509
Three Symantec researchers today released a research paper in which they say the number "19790509," which appears in Stuxnet's code, is significant. They believe the numbers are a "do not infect" indicator, which stops the worm from infecting a PC. They speculate that the seemingly random numbers are actually the date May 09, 1979 -- the day that Jewish-Iranian businessman Habib Elghanian was executed in Tehran after being convicted of spying for Israel by the new government of Iran. The researchers, Nicolas Falliere, Liam O Murchu and Eric Chen, added a note of caution that the significance could be a ruse planted by Stuxnet's creators to point suspicions elsewhere, Computerworld reports.

3. June 24, 2012
The three Symantec experts also found in the code a "kill date" -- the date on which the worm is programmed to shut down. The termination date is June 24, 2012.


Share |