Slashdot Mirror


Stuxnet Analysis Backs Iran-Israel Connection

Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof-of-concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet was plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention." Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).

2 of 307 comments

  1. Re:It's called circumstantial evidence by Jah-Wren Ryel · Score: 4, Informative

    There are also references to "Myrtus" within a path left in the code.

    Considering the virus targets the PLCs in SCADA systems where RTUs are standard system components, I'm willing to bet that "myrtus" is short for something like "My RTU Source" rather than an obscure reference to guavas.

    --
    When information is power, privacy is freedom.
  2. Re:Wait a minute. by unitron · Score: 4, Informative

    Who else does Iran sell these PLCs to?

    Iran doesn't make and sell them, Siemens does.

    --
    I see even classic Slashdot is now pretty much unusable on dial up anymore.