02-10-2010, 04:51 AM
Well, it didn't take long for some to disassemble what was an obvious piece of blech from the Grey Lady. Here from Cryptome:
1 October 2010
[B]Stuxnet Myrtus or MyRTUs? [/B]
A sends:
John Markoff in the New York Times has written an article which intimates that the Stuxnet worm may be the work of Israel's Unit 8200.
http://www.nytimes.com/2010/09/30/world/...0worm.html
According to Markoff,
"Several of the teams of computer security researchers who have been dissecting the software found a text string that suggests that the attackers named their project Myrtus... an allusion to the Hebrew word for Esther. The Book of Esther tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively."
Really? Personally I'd be surprised if a crack team of Israeli software engineers were so sloppy that they relied on outdated rootkit technology (e.g. hooking the Nt*() calls used by Kernel32.LoadLibrary() and using UPX to pack code). Most of the Israeli developers I've met are pretty sharp. Just ask Erez Metula.
[URL="http://www.blackhat.com/presentations/bh-usa-09/METULA/BHUSA09-Metula-ManagedCodeRootkits-PAPER.pdf"]http://www.blackhat.com/presentations/bh-usa-09/METULA/BHUSA09-Metula-ManagedCodeRootkits-PAPER.pdf[/URL]
It may be that the "myrtus" string from the recovered Stuxnet file path "b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb" stands for "My-RTUs" as in Remote Terminal Unit. See the following white paper from Motorola; it examines RTUs and PICs in SCADA systems. Who knows? The guava-myrtus connection may actually hold water.
[URL="http://www.motorola.com/web/Business/Products/SCADA%20Products/_Documents/Static%20Files/SCADA_Sys_Wht_Ppr-2a_New.pdf"]http://www.motorola.com/web/Business/Products/SCADA%20Products/_Documents/Static%20Files/SCADA_Sys_Wht_Ppr-2a_New.pdf[/URL]
As you can see, the media's propaganda machine is alive and well.
"Where is the intersection between the world's deep hunger and your deep gladness?"

