It took Bumgarner months to conclude that Conficker was created by the authors of Stuxnet.
First, he noticed that the two pieces of malware were both written with unprecedented sophistication, which caused him to suspect they were related. He also found that infection rates for both were far higher in Iran than the United States and that both spread by exploiting the same vulnerability in Windows.
He did more digging, comparing date and time stamps on different versions of Conficker and Stuxnet, and found a correlation — key dates related to their development and deployment overlapped. That helped him identify April Fool’s Day, April 1, 2009, as the launch date for the attack.
Bumgarner believes the attackers picked that date to send a message to Iran’s leaders. It marked the 30th anniversary of the declaration of an Islamic republic by Ayatollah Khomeini after a national referendum.
He also identified two other signals hidden in the Stuxnet code, based on the dates when key modules were compiled, or translated from programming text into a piece of software that could run on a computer.
Join the conversation as a VIP Member