The infamous Stuxnet worm continues to capture the imagination of the general public, with theories that it was written to target nuclear plants inside Iran.
One of the so-called clues that is frequently rolled out in articles about Stuxnet is the mysterious string of characters that the worm leaves inside the Registry on infected Windows computers:
Most commentators have decided to read this as a date – namely, 9th of May, 1979.
Clearly the date isn’t being used by the worm as a trigger for a payload, as it’s over thirty years ago in the past. Instead, it’s used by the Stuxnet malware to tell whether it has already infected a computer.
It feels like everyone is focusing on the fact that a Jewish Iranian businessman, Habib Elghanian, was executed by a firing squad in Tehran on May 9 1979, and like to link it with the marker inside the Stuxnet worm.
But should we be a little more cautious and look for something more than…
Read more in my article on the Naked Security website.