Readers take me to task over 'Myrtus' reference in Stuxnet blog

It's not, as was first reported elsewhere, a Biblical reference pointing the finger at Israel.

By  

I should have been more careful with the way I passed along an attributed a piece of information in a blog about the Stuxnet worm and about which several readers called me out when I did a follow-up.

The infobit was the word Myrtus, which the security researcher who first dissected the virus reportedly discovered within it, and has been taken (or at least has been reported as having been taken) as an indication Israel may have been involved.

Myrtus, according to a story in the NYT and dozens of other news outlets at the time, is supposed to be a character in the Old Testament book of Miriam. Except there is no Myrtus in Myriam, as readers pointed out to me.

"Myrtus" is supposed to be another name by which Esther -- feminist hero of the Old Testament -- was known, as the English-language version of at least one Israel paper reported. I can't confirm that, either.

It could also refer to Myrtle plants, which are common in the Middle East, the Chilean Guava plant, or an abbreviation for My Remote Terminal Unit.

Here's what the blog at F-Secure Security Labs had to say about it:

Q: Is it true that there's are biblical references inside Stuxnet?

A: There is a reference to "Myrtus" (which is a myrtle plant). However, this is not "hidden" in the code. It's an artifact left inside the program when it was compiled. Basically this tells us where the author stored the source code in his system. The specific path in Stuxnet is: \myrtus\src\objfre_w2k_x86\i386\guava.pdb. The authors probably did not want us to know they called their project "Myrtus", but thanks to this artifact we do. We have seen such artifacts in other malware as well. The Operation Aurora attack against Google was named Aurora after this path was found inside one of the binaries: \Aurora_Src\AuroraVNC\Avc\Release\AVC.pdb.
Q: So how exactly is "Myrtus" a biblical reference?
A: Uhh… we don't know, really.

 

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question