Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C++ C# VB Windows .NET General
Hello, Everyone
 
I have taken an interest in the Stuxnet virus. I was reading about it and I wondered how Symantec extracted information from the compiled executable. Does a compiler for Windows .exe's embed information about the developer in it? Say the developer PC's name is 'Jim-PC' and the account is 'Jim', does the compiler (Visual Studio 2008 for instance) embed that info into the .exe? Are there small references in the .exe about the developer? (Apart from assembly info, of course)
Posted 23-Jan-11 0:11am

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

The only thing they had from the Stuxnet binary was a dll with a specific build time-stamp on it. Obviously that could easily have been faked. Other than that they use originating IPs and early detections to try and trace out from where the infection may have originated. There is a lot of social reverse engineering based research and parsing of ISP logs. And then again, a lot of it is speculation too.
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web04 | 2.8.150224.1 | Last Updated 23 Jan 2011
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100