Stuxnet Speculation Jumps the Shark

One of the lessons I remember best from my early security career with Uncle Sam was the maxim: “crawl, don’t jump to conclusions.” Having heard of various botanic, historic and religious analyses of how the word “myrtus” - in a build path to a PDB file - clearly indicates that the Israelis are responsible for the Stuxnet worm, I have to conclude that this story has officially jumped the shark.

Here’s what the string in question looks like in ASCII:

b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb

I had a bunch of SCADA security experience back in the day, and specifically with WinCC, so this path looked strangely familiar. What if we take the mystical word “myrtus” and write it as it would appear in the GUI, like so: “My RTUs”?

Okay, can we stop speculating now until we have enough collective information?

Kthxbye.

P.S. Also, this really does highlight how ‘strings’ is not the best tool for reversing.