Tuesday, November 30, 2010

Stuxnet - wow!

Ok, interesting tidbit for today. This is my favorite quote so far from the Symantec 63 page paper analyzing the Stuxnet worm. The paper is located here.

In the driver file, the project path b:\myrtus\src\objfre_w2k_x86\i386 \guava.pdb was not removed.

Guavas are plants in the myrtle (myrtus) family genus. The string could have no significant meaning; however, a variety of interpretations have been discussed. Myrtus could be “MyRTUs”. RTU stands for remote terminal unit and are similar to a PLC and, in some environments, used as a synonym for PLCs. In addition, according to Wiki- pedia, “Esther was originally named Hadassah. Hadassah means ‘myrtle’ in Hebrew.” Esther learned of a plot to assassinate the king and “told the king of Haman’s plan to massacre all Jews in the Persian Empire...The Jews went on to kill only their would-be executioners.” Symantec cautions readers on drawing any attribution conclu- sions. Attackers would have the natural desire to implicate another party.

In other words - just because it looks like Israel don't necessarily make it so. ;-)

No comments:

Post a Comment