Still, I always think WWBFT whenever someone complains about their slow phone or can't find something on Google. Most people take technology for granted today.
Export 16 first checks that the configuration data is valid, after that it checks the value “NTVDM TRACE” in the following registry key:
If this value is equal to 19790509 the threat will exit. This is thought to be an infection marker or a “do not infect” marker. If this is set correctly infection will not occur. The value appears to be a date of May 9, 1979. While on May 9, 1979 a variety of historical events occurred, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.” Symantec cautions readers on drawing any attribution conclusions. Attackers would have the natural desire to implicate another party.
Next, Stuxnet reads a date from the configuration data (offset 0x8c in the configuration data). If the current date is later than the date in the configuration file then infection will also not occur and the threat will exit. The date found in the current configuration file is June 24, 2012.
But really, May 9, 1979 being Rosario Dawson's birthday puts this back on the teenager in his basement path to me.
"The most important thing in a man is not what he knows, but what he is." -- Narciso Yepes