Wednesday, September 22, 2010
Update (10/01/2010): F-Secure has a nice Stuxnet Questions and Answers post along with a video demonstration of what Stuxnet is capable of.

Two pieces of internal evidence from the reverse engineering:
1. The path statement in the compiled code, \myrtus\src\objfre_w2k_x86\i386\guava.pdb, contains the words myrtus and guava. Guavas are plants of the myrtle family. They are a type of pomegranate, which serves as a Jewish symbol of righteousness and fruitfulness. Is Stuxnet a weapon of righteousness targeting the servants (machines) of the enemies of Israel? In this case, is the enemy Iran? Are we dealing with a former biologist who is now a programmer, or with someone exposed to taxonomic nomenclature who could make an inside joke?
2. The registry key created is called 19790509, which is the date May 9, 1979, the day Habib Elghanian was executed in Iran as a spy on what appear to be completely false charges. His death led to the mass exodus of 100,000 Jews from Iran.
Here's The Register's analysis. Symantec has released the Stuxnet Whitepaper.